General
Target: Gr_rs.exe
Size: 678KB
Sample: 210415-7h1whrvm16
MD5: 7684408e648ed2c462817083cd61d6d5
SHA1: 8dc1ba94b3b2996dcf45aa2b73730ff636fbed2e
SHA256: b0f6d7c7a168f77b93aa42d7dc22a0118f98f525c14272467ff37c34217417d9
SHA512: 00224011cae9e86fac9f394b52b5267166f3bfc6ac6fe34594aaebd53c74f64f716bebdf1e9ad30072d0f800e22680597b766aca8dcc0d57c9f43d39092b7f55
Static task: static1
Behavioral task: behavioral1
Sample: Gr_rs.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Gr_rs.exe
Resource: win10v20210410
Malware Config
Extracted
C:\Users\Admin\Desktop\Recovery_Instructions.html
medusalocker
support@imfoodst.com support@securycasts.com
http://gvlay6u4g53rxdi5.onion/8-Ww5sCBhsL8eM4PeAgsfgfa9lrqa81r31-c5EO4jlAOS7D8NCgbfZhNaL4wpxKeGEy
Targets
Target: Gr_rs.exe
Score: 10/10
Executes dropped EXE
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops desktop.ini file(s)
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.