MeduzaStealer

Meduza Stealer is a Russian C++ stealer, compiled with MinGW and distributed as RUN.exe; it uses a dual NtQuery-based anti-debug check.

Threat Profile
Type: Infostealer
Programming Language: C#/.NET
C2 Protocol: HTTP/TLS
First Seen: 2023
Targets: Global — Gaming/Crypto Communities
Purpose / Capabilities:
  • Credential + Crypto Theft
No C2 servers have been identified for this family yet.

Research Reports (3)

High

MeduzaStealer -- RUN.exe Five C2 Substrings, NtQuerySystemInformation NtQueryInformationProcess Dual NT Anti-Debug | High

MeduzaStealer, 1.5MB RUN.exe. Five C2 substrings (@c2/$ 9&!c2 T^1C2$i &lT^1C2$Q 8U,c2<). Dual NT API anti-debug via NtQuerySystemInformation and NtQueryInformationProcess.

High

Meduza Stealer -- gem1.exe 1.2MB .NET, lD3Qrc28TgRo8O7lKM Config, AD446C34 Hash | High

Meduza Stealer, gem1.exe, 1.2MB, .NET. Config: lD3Qrc28TgRo8O7lKM. Browser credential theft.

High

Meduza Stealer — .NET 4.7.2 ConfuserEx Obfuscation, MaaS Infostealer, Browser and Crypto Targeting | High

Meduza Stealer is a MaaS infostealer written in .NET 4.7.2, heavily obfuscated with ConfuserEx. No cleartext C2 was found. 1.2MB gem1.exe lure.
