Resubmissions

16-09-2022 11:57

220916-n4wl9sbddm 10

25-06-2022 06:22

220625-g421qabec8 10

General

  • Target

    49da42d00cc3ad6379ead2e07fd5f09bd358b144a6e78aad4bb1a8298e2bb568

  • Size

    2.6MB

  • Sample

    220916-n4wl9sbddm

  • MD5

    b58e151f956d6249f160ac8f47c7bd10

  • SHA1

    d351062083c814935c14408a584ded7d1cb36fb6

  • SHA256

    49da42d00cc3ad6379ead2e07fd5f09bd358b144a6e78aad4bb1a8298e2bb568

  • SHA512

    592f39199967a0f5048756ea71130f3ea0937a2f20eac855d5c18a933f74b1233928cb56b749e1952d4e1da6e48b7d705d152a8b30de20c88d9ee79627f9e00b

  • SSDEEP

    24576:nJC1YAOp0eRaNaQgxPubcoiukAby3LV1jqjx9/WBRQ/8PxS//lTQKJfF27:nw1OfMGxRoiuWZ1jUx9qrS3lsC27

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\HOW_TO_OPEN_FILES.html

Ransom Note
All your data are encrypted! Your files are encrypted, and currently unavailable. You can check it: all files on you computer has new expansion. By the way, everything is possible to recover (restore), but you need to buy a unique decryptor. Otherwise, you never cant return your data. [email protected] If you will get no answer within 24 hours contact us by our alternate emails: [email protected] Its just a business. If we do not do our work and liabilities - nobody will not cooperate with us. To verify the possibility of the recovery of your files we can decrypted 1 file for free. Attach 1 file to the letter (no more than 10Mb). Indicate your personal ID on the letter: FD0E8B6E3E22D2F72E96A980146E80EDEF207D338A715AD0C878B5E26BE284E800DB2B32D3C0979CBF776F82117BBA22270F584BCA56343E2E239EB1D9397486 DAA63A10698D8BA708C298C866AD5CCE3CE815F6A449522D0591665700C0CA909038F342EF34B3D075F5D4F9604DF7A34F0E023F425BA65D07E87EA8B037 62F193383C7C735EE2D68B4903B5207AE907EDCEFECF3E06500196484F70FFEB190266736B64D9C1F052168A0F5B67A8D92432AB883AEC6B04C41D351B50 56B2CA7C27DD3BAFF123857CF3366E6144885B97E67287FA0BF4CD7187023868BE3CADCE0FE51957F3EBC381BC87F523FFEDDB579FB8DE2091C7E32052C2 AD363C1503A69F8431350F2E2FD4D3FBE7137E2FFAA20E9B9E248AACFD3333C52371334070F6E1B73DA9685F4FEBF763B9F20D1AD809DD898B869ED4F399 7D0C788F937CBACCEFABA87AB19FB2BDD36BEA50EFF9827D6035ED5F903BFDCC974C6FB5881A844AA3BD84668BA43977488D3369C62D1D95EEA32F31F25D 163E907A57F7C3B228A97A7DBB9B8673B2F61C1F146F081280511805FB5E81A665201B13D524CBCA8C4D66224A3715C737B2496F67F9CC9D8D2E70149DEA 5BFA7B9170E409C9299AF4C582B475CC2506CD54DFDD41D636DA42B7FF6C9F3F7D09710E4C4565DBC51CEA3788774C278D1A6C5BE77438243DEF32A3AD63 6175020A946B388CD24100F83326 Attention! - Attempts of change files by yourself will result in a loose of data. - Our e-mail can be blocked over time. Write now, loss of contact with us will result in a loose of data. 
- Use any third party software for restoring your data or antivirus solutions will result in a loose of data. - Decryptors of other users are unique and will not fit your files and use of those will result in a loose of data. - If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key.

Targets

    • Target

      49da42d00cc3ad6379ead2e07fd5f09bd358b144a6e78aad4bb1a8298e2bb568

    • MedusaLocker

      Ransomware with several variants first seen in September 2019.

    • MedusaLocker payload

    • UAC bypass

    • Deletes shadow copies

      Ransomware commonly deletes Volume Shadow Copies and other backup data to inhibit system recovery, so that the victim cannot restore files without the attacker's decryptor.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials. In a ransomware sample this signature can also fire simply because the encryptor walks browser profile directories under the user profile, so confirm the file access pattern before treating it as credential theft.

    • Checks whether UAC is enabled

      Typically done by reading the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. Read together with the UAC bypass signature above, it indicates the sample attempts to gain elevated privileges without prompting the user.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
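
The hunting script below is an added example and is not part of the sandbox output. It turns the indicators this report does provide (the sample's MD5/SHA1/SHA256 and the ransom note file name from the Malware Config section) into checks that run over Sysmon-style process-create (EventID 1) and file-create (EventID 11) records, and adds a check for the command lines commonly used to delete Volume Shadow Copies. The shadow-copy command patterns are general ransomware tradecraft and an assumption about how the "Deletes shadow copies" behaviour would appear in telemetry; the report itself does not show the command this sample used. The events in SAMPLE_EVENTS are constructed, and their hash fields are simplified lowercase keys rather than Sysmon's single "Hashes" string.

```python
"""Hunting helpers built from the indicators in this report.

Added example, not part of the original sandbox output. The Sysmon-style
events below are constructed for illustration; the hashes, the ransom note
file name and the C:\\Users\\Admin\\Desktop path come from the report. The
shadow-copy command patterns are general ransomware tradecraft and an
assumption about how this sample's behaviour would appear in process
telemetry, not something the report shows.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# Indicators taken from the report (General section and Malware Config).
REPORT_HASHES = {
    "md5": "b58e151f956d6249f160ac8f47c7bd10",
    "sha1": "d351062083c814935c14408a584ded7d1cb36fb6",
    "sha256": "49da42d00cc3ad6379ead2e07fd5f09bd358b144a6e78aad4bb1a8298e2bb568",
}
RANSOM_NOTE_NAME = "HOW_TO_OPEN_FILES.html"

# Command lines commonly used to destroy Volume Shadow Copies and recovery
# data (ATT&CK T1490, Inhibit System Recovery). Assumed patterns, see docstring.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I),
    re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no", re.I),
    re.compile(r"win32_shadowcopy.*\bdelete\b", re.I),
]


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of `data`, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the corresponding hash in the report."""
    digests = hash_bytes(data)
    return any(digests[k] == v for k, v in REPORT_HASHES.items())


def is_shadow_copy_deletion(command_line: str) -> bool:
    """True if the command line matches a known shadow-copy/backup deletion idiom."""
    return any(p.search(command_line) for p in SHADOW_DELETE_PATTERNS)


def is_ransom_note_drop(target_filename: str) -> bool:
    """Match the note by file name only: ransomware writes one copy per
    directory it touches, so the report's Desktop path is just one instance."""
    return PureWindowsPath(target_filename).name.lower() == RANSOM_NOTE_NAME.lower()


def scan_events(events: list) -> list:
    """Run the checks over Sysmon-style events; return (EventID, reason, detail)."""
    findings = []
    for ev in events:
        if ev["EventID"] == 1 and is_shadow_copy_deletion(ev.get("CommandLine", "")):
            findings.append((1, "shadow_copy_deletion", ev["CommandLine"]))
        elif ev["EventID"] == 1 and any(
            ev.get(h) == v for h, v in REPORT_HASHES.items()
        ):
            findings.append((1, "known_sample_hash", ev["Image"]))
        elif ev["EventID"] == 11 and is_ransom_note_drop(ev.get("TargetFilename", "")):
            findings.append((11, "ransom_note_drop", ev["TargetFilename"]))
    return findings


# Constructed sample telemetry (not taken from the report's task log).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs", "sha256": "00" * 32},
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe Delete Shadows /All /Quiet", "sha256": "11" * 32},
    {"EventID": 1, "Image": r"C:\Users\Admin\Downloads\update.exe",
     "CommandLine": r"C:\Users\Admin\Downloads\update.exe",
     "sha256": REPORT_HASHES["sha256"]},
    {"EventID": 11, "TargetFilename": r"C:\Users\Admin\Desktop\HOW_TO_OPEN_FILES.html"},
    {"EventID": 11, "TargetFilename": r"C:\Users\Admin\Documents\report.docx"},
]

if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(finding)
```

Hash matching is only useful against this exact build; a repacked sample changes every digest, which is why the behavioural checks (shadow-copy deletion, note drop in many directories) carry more weight in detection content than the hashes do.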

MITRE ATT&CK Enterprise v6

Tasks