General
-
Target
a25c0227728878c386ab6dba139976cb10e853dd3cd1eb3623f236ee8e1df212.bin
-
Size
678KB
-
Sample
210808-a8pm3k2lja
-
MD5
ff1b2e9d3e7af50b302b090a15d15c76
-
SHA1
3bae4caa7c4ecca659aec342472fe49b3c0b2131
-
SHA256
a25c0227728878c386ab6dba139976cb10e853dd3cd1eb3623f236ee8e1df212
-
SHA512
d3527aa4e7d4a8fbd0565ea8c0d26dc7e9ff0f294efa5260b9e964e5943782eb697b964cb684ad9008a717b93cfd120ec1337acb0ecbefef0931313f7b88e881
Malware Config
Targets
-
-
Target
a25c0227728878c386ab6dba139976cb10e853dd3cd1eb3623f236ee8e1df212.bin
-
Size
678KB
-
MD5
ff1b2e9d3e7af50b302b090a15d15c76
-
SHA1
3bae4caa7c4ecca659aec342472fe49b3c0b2131
-
SHA256
a25c0227728878c386ab6dba139976cb10e853dd3cd1eb3623f236ee8e1df212
-
SHA512
d3527aa4e7d4a8fbd0565ea8c0d26dc7e9ff0f294efa5260b9e964e5943782eb697b964cb684ad9008a717b93cfd120ec1337acb0ecbefef0931313f7b88e881
Score10/10-
MedusaLocker
Ransomware with several variants first seen in September 2019.
-
MedusaLocker Payload
-
UAC bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-