medusalocker | 49da42d00cc3ad6379ead2e07fd5f09bd358b144a6e78aad4bb1a8298e2bb568

Resubmissions

16/09/2022, 11:57

220916-n4wl9sbddm 10

25/06/2022, 06:22

220625-g421qabec8 10

Sharing

Copy URL

Twitter E-mail

General

Target

49da42d00cc3ad6379ead2e07fd5f09bd358b144a6e78aad4bb1a8298e2bb568
Size

2.6MB
MD5

b58e151f956d6249f160ac8f47c7bd10
SHA1

d351062083c814935c14408a584ded7d1cb36fb6
SHA256

49da42d00cc3ad6379ead2e07fd5f09bd358b144a6e78aad4bb1a8298e2bb568
SHA512

592f39199967a0f5048756ea71130f3ea0937a2f20eac855d5c18a933f74b1233928cb56b749e1952d4e1da6e48b7d705d152a8b30de20c88d9ee79627f9e00b
SSDEEP

24576:nJC1YAOp0eRaNaQgxPubcoiukAby3LV1jqjx9/WBRQ/8PxS//lTQKJfF27:nw1OfMGxRoiuWZ1jUx9qrS3lsC27

Score

10^/10

medusalocker

Malware Config

Signatures

MedusaLocker Payload 1 IoCs

resource	yara_rule
sample	family_medusalocker

Medusalocker family
medusalocker

Files

49da42d00cc3ad6379ead2e07fd5f09bd358b144a6e78aad4bb1a8298e2bb568
.exe windows x86

41f827c781e7e8fc0ed36d1e0f13bba7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CopyFileW
GetCurrentProcess
ReadConsoleW
GetTickCount
OpenProcess
CreateProcessW
TerminateProcess
WaitForSingleObject
FindFirstFileW
FindClose
SetVolumeMountPointW
GetVolumePathNamesForVolumeNameW
QueryDosDeviceW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetDiskFreeSpaceW
GetEnvironmentVariableW
GetLogicalDrives
MoveFileW
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
CloseHandle
WriteFile
SetFilePointerEx
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
WriteConsoleW
GetFileType
ReadFile
GetFileSizeEx
HeapQueryInformation
HeapSize
HeapReAlloc
GetCommandLineW
GetCommandLineA
CreateFileW
GetModuleFileNameW
Sleep
OpenMutexW
CreateMutexW
GetStdHandle
ResumeThread
ExitThread
MoveFileExW
DeleteFileW
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
EncodePointer
DecodePointer
RaiseException
FormatMessageW
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
QueueUserWorkItem
GetModuleHandleExW
RtlCaptureStackBackTrace
IsProcessorFeaturePresent
MultiByteToWideChar
GetStringTypeW
CreateDirectoryW
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFileAttributesW
SetFileTime
GetTempPathW
AreFileApisANSI
CreateHardLinkW
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
VirtualQuery
FreeLibrary
LocalFree
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
SetProcessAffinityMask
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
LoadLibraryW
RtlUnwind
HeapValidate
GetSystemInfo
ExitProcess
GetDriveTypeW
GetFullPathNameW
SetEnvironmentVariableW

advapi32

CryptDestroyKey
RegCreateKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenKey
GetTokenInformation
OpenProcessToken
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
DeleteService
ControlService
CloseServiceHandle
CryptDuplicateKey
CryptEncrypt
CryptImportKey
CryptExportKey
RegCloseKey

shell32

SHEmptyRecycleBinW

ole32

CoInitialize
IIDFromString
CoCreateInstance
CoGetObject
CLSIDFromString
CoUninitialize
CoInitializeEx
CoInitializeSecurity

oleaut32

SysStringByteLen
SetErrorInfo
SysAllocString
VariantChangeType
GetErrorInfo
CreateErrorInfo
SysFreeString
SysAllocStringByteLen
VariantClear
VariantInit

crypt32

CryptStringToBinaryA

mpr

WNetGetConnectionW

netapi32

NetApiBufferFree
NetShareEnum

iphlpapi

GetAdaptersInfo
IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

ws2_32

inet_addr

rstrtmgr

RmGetList
RmStartSession
RmRegisterResources
RmEndSession
RmShutdown

Sections

.textbss
Size: - Virtual size: 931KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

41f827c781e7e8fc0ed36d1e0f13bba7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

crypt32

mpr

netapi32

iphlpapi

ws2_32

rstrtmgr

Sections

.textbss Size: - Virtual size: 931KB

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 499KB - Virtual size: 499KB

.data Size: 20KB - Virtual size: 28KB

.idata Size: 8KB - Virtual size: 8KB

.msvcjmc Size: 1KB - Virtual size: 1KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 78KB - Virtual size: 77KB

.textbss
Size: - Virtual size: 931KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 499KB - Virtual size: 499KB

.data
Size: 20KB - Virtual size: 28KB

.idata
Size: 8KB - Virtual size: 8KB

.msvcjmc
Size: 1KB - Virtual size: 1KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 78KB - Virtual size: 77KB