MeduzaStealer
Meduza Stealer is a Russian C++ stealer. RUN.exe. NtQuery dual anti-debug. MinGW compiled.
Threat Profile
Type: Infostealer
Programming Language: C#/.NET
C2 Protocol: HTTP/TLS
First Seen: 2023
Targets
Global -- Gaming/Crypto Communities
Purpose / Capabilities
- Credential + Crypto Theft
No C2 servers have been identified for this family yet.
Research Reports (3)
MeduzaStealer -- RUN.exe Five C2 Substrings, NtQuerySystemInformation NtQueryInformationProcess Dual NT Anti-Debug | High
MeduzaStealer 1.5MB RUN.exe. @c2/$ 9&!c2 T^1C2$i &lT^1C2$Q 8U,c2< five c2 substrings. NtQuerySystemInformation NtQueryInformationProcess dual NT API anti-debug.
Meduza Stealer -- gem1.exe 1.2MB .NET, lD3Qrc28TgRo8O7lKM Config, AD446C34 Hash | High
Meduza Stealer gem1.exe 1.2MB .NET. Config: lD3Qrc28TgRo8O7lKM. Browser credential theft.
Meduza Stealer -- .NET 4.7.2 ConfuserEx Obfuscation, MaaS Infostealer, Browser and Crypto Targets | High
Meduza Stealer is a MaaS infostealer written in .NET 4.7.2. It is heavily obfuscated with ConfuserEx. No cleartext C2 was found. 1.2MB gem1.exe lure.