medusalocker | 5a30d7c31580fcf1d91273153e8815af9ed0151635f732753c7e4ea67a9236d7

General

Target

5a30d7c31580fcf1d91273153e8815af9ed0151635f732753c7e4ea67a9236d7
Size

4.4MB
Sample

230822-kw4fcscf81
MD5

0985085ac2b5c9f2c64d3603e0dc23b6
SHA1

236af16ac472f6bcd9c6d56b5c270a7527059f21
SHA256

5a30d7c31580fcf1d91273153e8815af9ed0151635f732753c7e4ea67a9236d7
SHA512

d5422987d369673373dbadbf1c5e559135b1f6f6e6f7f5144ba73371d045c4b160ac869e6489a76e550a59b522ad563e831fca09717aee3e35a5d8a599c3922c
SSDEEP

49152:t5L1XVcPYu8kgVwGv5rsa/uCPJnwC9GG5YbtRqRsV5lDbKfDyqSvC9+7WQ3WLFnp:t5L4Yu8kVGhrsaG2nw+f+q//Kp/LK

Score

10^/10

Malware Config

Targets

- Target
  
  5a30d7c31580fcf1d91273153e8815af9ed0151635f732753c7e4ea67a9236d7
- Size
  
  4.4MB
- MD5
  
  0985085ac2b5c9f2c64d3603e0dc23b6
- SHA1
  
  236af16ac472f6bcd9c6d56b5c270a7527059f21
- SHA256
  
  5a30d7c31580fcf1d91273153e8815af9ed0151635f732753c7e4ea67a9236d7
- SHA512
  
  d5422987d369673373dbadbf1c5e559135b1f6f6e6f7f5144ba73371d045c4b160ac869e6489a76e550a59b522ad563e831fca09717aee3e35a5d8a599c3922c
- SSDEEP
  
  49152:t5L1XVcPYu8kgVwGv5rsa/uCPJnwC9GG5YbtRqRsV5lDbKfDyqSvC9+7WQ3WLFnp:t5L4Yu8kVGhrsaG2nw+f+q//Kp/LK
Score

9^/10

evasion ransomware spyware stealer
- Renames multiple (1481) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (4592) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Renames multiple (1481) files with added filename extension

Renames multiple (4592) files with added filename extension

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Drops startup file

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2