General
-
Target
LFm.bin.exe
-
Size
678KB
-
Sample
230309-w6l5lshf57
-
MD5
168447d837fc71deeee9f6c15e22d4f4
-
SHA1
80ad29680cb8cecf58d870ee675b155fc616097f
-
SHA256
add2850732c42683ee92ba555bbffb88bf5a4eee7c51e24f15a898f2d5aff66b
-
SHA512
f8e123b601b5df3e89109fcc2e215e014b0d99b382d7cfb1a8cfd55790525c4e5504ee668ac30108c1bebf32e312e0c33edb5737c7ae166b59f791269bd66112
-
SSDEEP
12288:cPJ4U1TYQivI2qZ7aSgLwkFVpzUvest4ZEbjJLuDJVoM7:J6TYVQ2qZ7aSgLwuVfstRJLIYM
Malware Config
Targets
-
-
Target
LFm.bin.exe
-
Size
678KB
-
MD5
168447d837fc71deeee9f6c15e22d4f4
-
SHA1
80ad29680cb8cecf58d870ee675b155fc616097f
-
SHA256
add2850732c42683ee92ba555bbffb88bf5a4eee7c51e24f15a898f2d5aff66b
-
SHA512
f8e123b601b5df3e89109fcc2e215e014b0d99b382d7cfb1a8cfd55790525c4e5504ee668ac30108c1bebf32e312e0c33edb5737c7ae166b59f791269bd66112
-
SSDEEP
12288:cPJ4U1TYQivI2qZ7aSgLwkFVpzUvest4ZEbjJLuDJVoM7:J6TYVQ2qZ7aSgLwuVfstRJLIYM
Score10/10-
MedusaLocker
Ransomware with several variants first seen in September 2019.
-
MedusaLocker payload
-
UAC bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-