General
-
Target
1e2335fef46f7320069623fff6702acb41c2877aff5fec83d94a561af37c3c7a.bin
-
Size
678KB
-
Sample
210808-4wv7lct8ya
-
MD5
f05df52a73ea28f25d0a85f927f2444a
-
SHA1
a5c00571f42bad2f17db4d4032b07318abc6f7f1
-
SHA256
1e2335fef46f7320069623fff6702acb41c2877aff5fec83d94a561af37c3c7a
-
SHA512
0b2a3a0bde6fcc23565ccdb1df49727930ad53345f91a3450455d0e8fb431a59af74a169d8c6ae2195afc340d7fde42969638f5d4de5501d1f75737be625e0b2
Malware Config
Targets
-
-
Target
1e2335fef46f7320069623fff6702acb41c2877aff5fec83d94a561af37c3c7a.bin
-
Size
678KB
-
MD5
f05df52a73ea28f25d0a85f927f2444a
-
SHA1
a5c00571f42bad2f17db4d4032b07318abc6f7f1
-
SHA256
1e2335fef46f7320069623fff6702acb41c2877aff5fec83d94a561af37c3c7a
-
SHA512
0b2a3a0bde6fcc23565ccdb1df49727930ad53345f91a3450455d0e8fb431a59af74a169d8c6ae2195afc340d7fde42969638f5d4de5501d1f75737be625e0b2
Score10/10-
MedusaLocker
Ransomware with several variants first seen in September 2019.
-
MedusaLocker Payload
-
UAC bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-