medusalocker | c632ce1dc34111c66efb817f608bf3b547fc9df5fed478d736b4c53a41ba193e | Triage

Submit
Reports

Overview

overview

Static

static

c632ce1dc3...3e.exe

windows7_x64

c632ce1dc3...3e.exe

windows10-2004_x64

Sharing

General

Target

c632ce1dc34111c66efb817f608bf3b547fc9df5fed478d736b4c53a41ba193e
Size

669KB
Sample

220201-swzfeahaf9
MD5

187c968c9c7f70a8c65ebefac8e4f124
SHA1

b5ec574920e42f117024e60852968da4f0584ff0
SHA256

c632ce1dc34111c66efb817f608bf3b547fc9df5fed478d736b4c53a41ba193e
SHA512

f4d21feb6518d2712e829f5b3e8209b76851ab7ae66e2673fef08545f085bf3ece191b37bcce14074eb2c3fc50de83339ac9bee92769a20b94886289554fa3f6

Score

10^/10

medusalocker evasion persistence ransomware spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

c632ce1dc34111c66efb817f608bf3b547fc9df5fed478d736b4c53a41ba193e.exe

Resource

win7-en-20211208

medusalocker evasion ransomware spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c632ce1dc34111c66efb817f608bf3b547fc9df5fed478d736b4c53a41ba193e.exe

Resource

win10v2004-en-20220113

medusalocker evasion persistence ransomware trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c632ce1dc34111c66efb817f608bf3b547fc9df5fed478d736b4c53a41ba193e
- Size
  
  669KB
- MD5
  
  187c968c9c7f70a8c65ebefac8e4f124
- SHA1
  
  b5ec574920e42f117024e60852968da4f0584ff0
- SHA256
  
  c632ce1dc34111c66efb817f608bf3b547fc9df5fed478d736b4c53a41ba193e
- SHA512
  
  f4d21feb6518d2712e829f5b3e8209b76851ab7ae66e2673fef08545f085bf3ece191b37bcce14074eb2c3fc50de83339ac9bee92769a20b94886289554fa3f6
Score

10^/10

medusalocker evasion ransomware spyware stealer trojan persistence
- MedusaLocker
  Ransomware with several variants first seen in September 2019.
  ransomware medusalocker
- MedusaLocker Payload
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

medusalockerevasionransomwarespywarestealertrojan

behavioral2

medusalockerevasionpersistenceransomwaretrojan

© 2018-2024

Terms | Privacy