medusalocker | add2850732c42683ee92ba555bbffb88bf5a4eee7c51e24f15a898f2d5aff66b | Triage

Submit
Reports

Overview

overview

Static

static

LFm.bin.exe

windows7-x64

LFm.bin.exe

windows10-2004-x64

Sharing

General

Target

LFm.bin.exe
Size

678KB
Sample

230309-w6l5lshf57
MD5

168447d837fc71deeee9f6c15e22d4f4
SHA1

80ad29680cb8cecf58d870ee675b155fc616097f
SHA256

add2850732c42683ee92ba555bbffb88bf5a4eee7c51e24f15a898f2d5aff66b
SHA512

f8e123b601b5df3e89109fcc2e215e014b0d99b382d7cfb1a8cfd55790525c4e5504ee668ac30108c1bebf32e312e0c33edb5737c7ae166b59f791269bd66112
SSDEEP

12288:cPJ4U1TYQivI2qZ7aSgLwkFVpzUvest4ZEbjJLuDJVoM7:J6TYVQ2qZ7aSgLwuVfstRJLIYM

Score

10^/10

medusalocker evasion ransomware spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

LFm.bin.exe

Resource

win7-20230220-en

medusalocker evasion ransomware spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

LFm.bin.exe

Resource

win10v2004-20230220-en

medusalocker evasion ransomware spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  LFm.bin.exe
- Size
  
  678KB
- MD5
  
  168447d837fc71deeee9f6c15e22d4f4
- SHA1
  
  80ad29680cb8cecf58d870ee675b155fc616097f
- SHA256
  
  add2850732c42683ee92ba555bbffb88bf5a4eee7c51e24f15a898f2d5aff66b
- SHA512
  
  f8e123b601b5df3e89109fcc2e215e014b0d99b382d7cfb1a8cfd55790525c4e5504ee668ac30108c1bebf32e312e0c33edb5737c7ae166b59f791269bd66112
- SSDEEP
  
  12288:cPJ4U1TYQivI2qZ7aSgLwkFVpzUvest4ZEbjJLuDJVoM7:J6TYVQ2qZ7aSgLwuVfstRJLIYM
Score

10^/10

medusalocker evasion ransomware spyware stealer trojan
- MedusaLocker
  Ransomware with several variants first seen in September 2019.
  ransomware medusalocker
- MedusaLocker payload
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

File Deletion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

medusalockerevasionransomwarespywarestealertrojan

behavioral2

medusalockerevasionransomwarespywarestealertrojan

© 2018-2024

Terms | Privacy