Behavioral task: behavioral1
Sample: 40cc3ca2fef82a8a66bf8cd390e317a5.html
Resource: win7-20231129-en, windows7-x64
3 signatures
150 seconds

Behavioral task: behavioral2
Sample: 40cc3ca2fef82a8a66bf8cd390e317a5.html
Resource: win10v2004-20231215-en, windows10-2004-x64
4 signatures
150 seconds

General
Target: 40cc3ca2fef82a8a66bf8cd390e317a5
Size: 5KB
MD5: 40cc3ca2fef82a8a66bf8cd390e317a5
SHA1: 1b3071704f0cf46aa78fd6acf242cc9eb9a195c0
SHA256: 7d341d9e43994c15e8b60c96da89390bea190d3748ac1e082793b8b0d6d8bc1b
SHA512: 3b3838fbf56b1d462569370d08f52eb0ce8583f9486f82748df30c49dd6a5a7aff488b204d9ba916377c5d52bd680ae90dfc580fdc5e084f0dc09f920ff5e147
SSDEEP: 96:8y+cAl5azln+DtZogzD5hBniKFe8LDmQIjK:8OAl0z8DjDtqKYQDme
Score: 10/10

Malware Config
Extracted
Family: medusalocker
Ransom Note
Your personal ID:
/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!
Your files are safe! Only modified. (RSA+AES)
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
No software available on internet can help you. We are the only ones able to
solve your problem.
We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..
We only seek money and our goal is not to damage your reputation or prevent
your business from running.
You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.
Contact us for price and get decryption software.
qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion
* Note that this server is available via Tor browser only
Follow the instructions to open the link:
1. Type the addres "https://www.torproject.org" in your Internet browser. It opens the Tor site.
2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.
3. Now you have Tor browser. In the Tor Browser open qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion
4. Start a chat and follow the further instructions.
If you can not use the above link, use the email:
[email protected] [email protected]
* To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.

Signatures
Medusalocker family

Files
40cc3ca2fef82a8a66bf8cd390e317a5.html