medusalocker | d981fe00432dc5aa059884558c02276379f4cadbb7054c23962cb71122342b9d | Triage

Sharing

General

Target

d981fe00432dc5aa059884558c02276379f4cadbb7054c23962cb71122342b9d.sample
Size

308KB
Sample

240227-wkylhsff54
MD5

8df1195087daa119e81fd0cc529c88e5
SHA1

52f743d2fa6fa607278dac4a2bf7a3c054252c9f
SHA256

d981fe00432dc5aa059884558c02276379f4cadbb7054c23962cb71122342b9d
SHA512

2d141a3d6879f7b39b69f3d4acf0ee5faa28d786fdb538daeabd834cff344647985eff48747cf5e8061eb583b72ca33741399be43e73c92bf4e9d8b06dd108b3
SSDEEP

6144:kk4DdotiH8um78UhQyZ72VQShKLzuTHDZnvU4lYgfg:r61m7rhQyZiBV4gf

Score

10^/10

medusalocker

Malware Config

Targets

- Target
  
  d981fe00432dc5aa059884558c02276379f4cadbb7054c23962cb71122342b9d.sample
- Size
  
  308KB
- MD5
  
  8df1195087daa119e81fd0cc529c88e5
- SHA1
  
  52f743d2fa6fa607278dac4a2bf7a3c054252c9f
- SHA256
  
  d981fe00432dc5aa059884558c02276379f4cadbb7054c23962cb71122342b9d
- SHA512
  
  2d141a3d6879f7b39b69f3d4acf0ee5faa28d786fdb538daeabd834cff344647985eff48747cf5e8061eb583b72ca33741399be43e73c92bf4e9d8b06dd108b3
- SSDEEP
  
  6144:kk4DdotiH8um78UhQyZ72VQShKLzuTHDZnvU4lYgfg:r61m7rhQyZiBV4gf
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2