General

  • Target

    d595339cbbf415eca195eb3a0d9a8b6c9ff82a0cf36e4e867f5cef24503bb532.bin

  • Size

    669KB

  • Sample

    210808-f7ja543gzx

  • MD5

    45de70c85ece8763c685808eea085df4

  • SHA1

    c9dd5313a661fd17b154ccb17a36e8399fc933a5

  • SHA256

    d595339cbbf415eca195eb3a0d9a8b6c9ff82a0cf36e4e867f5cef24503bb532

  • SHA512

    03a1d922711db1afc0a512151371c9a97a7478578c11591109537b1427aeac8b3ac44aa52c83439afe56e20134fd888bcaee1632f6046ce8edf0d99622fb362d

Malware Config

Targets

    • Target

      d595339cbbf415eca195eb3a0d9a8b6c9ff82a0cf36e4e867f5cef24503bb532.bin

    • Size

      669KB

    • MD5

      45de70c85ece8763c685808eea085df4

    • SHA1

      c9dd5313a661fd17b154ccb17a36e8399fc933a5

    • SHA256

      d595339cbbf415eca195eb3a0d9a8b6c9ff82a0cf36e4e867f5cef24503bb532

    • SHA512

      03a1d922711db1afc0a512151371c9a97a7478578c11591109537b1427aeac8b3ac44aa52c83439afe56e20134fd888bcaee1632f6046ce8edf0d99622fb362d

    • MedusaLocker

      Ransomware with several variants first seen in September 2019.

    • MedusaLocker Payload

    • UAC bypass

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks