General

  • Target

    b00be4dda45f8670b0e65d37cc7770fa791d869c7e567ea316d84d16283f8009

  • Size

    669KB

  • Sample

    221110-hs7bqsheej

  • MD5

    ac546514c037b432430bebc8e3884dad

  • SHA1

    f4e2e0eea53546e9a2b1cf136eb8a5ce7015f06d

  • SHA256

    b00be4dda45f8670b0e65d37cc7770fa791d869c7e567ea316d84d16283f8009

  • SHA512

    b4f703141e1fc471df35e968977535e4b64cddebc9bba66037b259265234ed254249d9b451f0856cc902919cce77062c6242d49752dcd5e488f7c3d486bc5d99

  • SSDEEP

    12288:dQA0FfTcwpBuV2UxqDmuiLZeUaoFi2XZWfGe615HhAZV8DXKD/KeX:Tuf4wTuV2Ux3uIZeUBi2Te6HWCKrKe

Malware Config

Targets

    • Target

      b00be4dda45f8670b0e65d37cc7770fa791d869c7e567ea316d84d16283f8009

    • Size

      669KB

    • MD5

      ac546514c037b432430bebc8e3884dad

    • SHA1

      f4e2e0eea53546e9a2b1cf136eb8a5ce7015f06d

    • SHA256

      b00be4dda45f8670b0e65d37cc7770fa791d869c7e567ea316d84d16283f8009

    • SHA512

      b4f703141e1fc471df35e968977535e4b64cddebc9bba66037b259265234ed254249d9b451f0856cc902919cce77062c6242d49752dcd5e488f7c3d486bc5d99

    • SSDEEP

      12288:dQA0FfTcwpBuV2UxqDmuiLZeUaoFi2XZWfGe615HhAZV8DXKD/KeX:Tuf4wTuV2Ux3uIZeUBi2Te6HWCKrKe

    • MedusaLocker

      Ransomware with several variants first seen in September 2019.

    • MedusaLocker payload

    • UAC bypass

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks