medusalocker | 78ed6afa57daa57bb3d7989d65f2de526594168c1aa85f7d5564e6e97619ea53 | Triage

Submit
Reports

Overview

overview

Static

static

add2850732...6b.exe

windows7-x64

add2850732...6b.exe

windows10-2004-x64

Sharing

General

Target

168447d837fc71deeee9f6c15e22d4f4.bin
Size

295KB
Sample

230311-bgjmzaga48
MD5

378b172c99a0959ba119a0b3371a2de9
SHA1

12301a621005cec42125a5085ef88876480b09b6
SHA256

78ed6afa57daa57bb3d7989d65f2de526594168c1aa85f7d5564e6e97619ea53
SHA512

8b38d89d75926f7d3fd42e988a8fde8589c954e234021601d3042d9300d61f57d31032699847575bab612fd0dee9fc21904c4aa61d670940706ecac4c4d0bd2c
SSDEEP

6144:F8ImiC8Qp410nc6b7qONplKP189CGc2mvGrBbgVPSqIL/prcQj0DLeApl:qIyHb7qONpEsFc2eGr5grIhoJney

Score

10^/10

medusalocker evasion ransomware spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

add2850732c42683ee92ba555bbffb88bf5a4eee7c51e24f15a898f2d5aff66b.exe

Resource

win7-20230220-en

medusalocker evasion ransomware spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

add2850732c42683ee92ba555bbffb88bf5a4eee7c51e24f15a898f2d5aff66b.exe

Resource

win10v2004-20230220-en

medusalocker evasion ransomware spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  add2850732c42683ee92ba555bbffb88bf5a4eee7c51e24f15a898f2d5aff66b.exe
- Size
  
  678KB
- MD5
  
  168447d837fc71deeee9f6c15e22d4f4
- SHA1
  
  80ad29680cb8cecf58d870ee675b155fc616097f
- SHA256
  
  add2850732c42683ee92ba555bbffb88bf5a4eee7c51e24f15a898f2d5aff66b
- SHA512
  
  f8e123b601b5df3e89109fcc2e215e014b0d99b382d7cfb1a8cfd55790525c4e5504ee668ac30108c1bebf32e312e0c33edb5737c7ae166b59f791269bd66112
- SSDEEP
  
  12288:cPJ4U1TYQivI2qZ7aSgLwkFVpzUvest4ZEbjJLuDJVoM7:J6TYVQ2qZ7aSgLwuVfstRJLIYM
Score

10^/10

medusalocker evasion ransomware spyware stealer trojan
- MedusaLocker
  Ransomware with several variants first seen in September 2019.
  ransomware medusalocker
- MedusaLocker payload
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

medusalockerevasionransomwarespywarestealertrojan

behavioral2

medusalockerevasionransomwarespywarestealertrojan

© 2018-2024

Terms | Privacy