Resubmissions

  • 08-05-2023 13:17

    230508-qjgzgsce9x (score 10)

  • 08-05-2023 13:13

    230508-qgbdxsce8z (score 10)

General

  • Target

    wetransfer_files_2023-05-08_1311.zip

  • Size

    238KB

  • Sample

    230508-qjgzgsce9x

  • MD5

    b09cd13c7a9ce8c94e15303f140bdd9f

  • SHA1

    0f1b7bfc7c36a27a749d01dfce66aedb8e887212

  • SHA256

    39e11c660ab5c85f9d7a277af1bdcb56e51710f7eaf71aed64eea167266bb764

  • SHA512

    16fb8eb6272d1b160ab9124a18fda1e12cbfe6cae1d02ce4e73d340a61fa20673fbaae83a620f37e213a202f36088d2874ad41a512e5f971a3dc13b8be1ee8d9

  • SSDEEP

    6144:b/WU55apOabqGYWvYp1Nq11bRbItI19yrb/1WpgDo2N:b9EpgHW11Krj1WpSo2N

Malware Config

Extracted

Family

medusalocker

Ransom Note

Your personal ID: [ID removed]

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\

All your important files have been encrypted! Your files are safe! Only modified. (RSA+AES) ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE WILL PERMANENTLY CORRUPT IT. DO NOT MODIFY ENCRYPTED FILES. DO NOT RENAME ENCRYPTED FILES. No software available on internet can help you. We are the only ones able to solve your problem.

We gathered highly confidential/personal data. These data are currently stored on a private server. This server will be immediately destroyed after your payment. If you decide to not pay, we will release your data to public or re-seller. So you can expect your data to be publicly available in the near future.. We only seek money and our goal is not to damage your reputation or prevent your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free to prove we are able to give your files back. Contact us for price and get decryption software.

email: [email protected] [email protected]

* To contact us, create a new free email account on the site: protonmail.com

IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.

Targets

    • Target

      Bouwvak 2023.xlsx.attack1

    • Size

      13KB

    • MD5

      302df02294aac829e52f5fb98cec7bb5

    • SHA1

      4ea18208afcb41d3abffc99cd65a148dff9d77a5

    • SHA256

      c455c3d589a7e55160d252de84775e9499f962b6669a2287cb701560e0f6b5f3

    • SHA512

      407fc5ad94ab3d54a5cbc7cf816502df14035ffa81c534919882d9b57d8464d4e9fe1d43e928d16108b50694a4d7c406bb2713319ecbffc3a40e8c30af1904e2

    • SSDEEP

      384:Jd3ymUJMblIBhObKCq1pAW8N8I3k1+/uLdmoMPl:JBlUJLKbK/pAW8KI01+/tZl

    • Score

      3/10

    • Target

      How_to_back_files.html

    • Size

      4KB

    • MD5

      0f9fca06847beeb3002ba6c5ef581b85

    • SHA1

      f48f51ce214c3c9163338cbe602ad20ec94692c2

    • SHA256

      f3f829da4ed0a712f900b44758c28fc2da0fbf086c4c30de7d5d6400b72c97e1

    • SHA512

      215edd5bebca6539e7446455fc6eab03d14599dc346011f4ab3f24d16db611c4161c1074cbad8a18b778081739d76d1154558a5f35d13d7562e6da177846ac7d

    • SSDEEP

      96:8y+cAl5azrn+DtZogW4mSrooF4kcZEiKFe8LuRj+:8OAl0zaDjvFrhKKYQ5

    • Score

      1/10

    • Target

      WEEKPLANNING 2023.docx.attack1

    • Size

      220KB

    • MD5

      5375570516b3f895a0cc78b92ddbaeb2

    • SHA1

      fe9434598a2555f7595f97ab8b590033b12a5b25

    • SHA256

      85043ed6006aeeb9b374300c0e997c913579002f2fe1ff3c648216e3576d4ae6

    • SHA512

      3d5a73635d71a9b7505aed93cc2d758d99b2911cd2ff4fa108d24f35b44cbcfbdbc4d6a88afec12c707a36ec2b2c4b0c974aedfd0d1ad0eef0a5c4acc10c59b1

    • SSDEEP

      6144:t5apOabqGYWvYp1Nq11bRbItI19yrb/1WpgDo2g:tEpgHW11Krj1WpSo2g

    • Score

      3/10
