General

  • Target

    d6253e1c76dcfaaaf5a4db139cf48356

  • Size

    5KB

  • Sample

    240319-pxgp7sdb4y

  • MD5

    d6253e1c76dcfaaaf5a4db139cf48356

  • SHA1

    497efab934d20f91d890a867d25d5d022e2cebe8

  • SHA256

    1bada4abe468cacb7106a3c57dc2e7436abbbf9c62f4387909e5f8d00fb6c45b

  • SHA512

    06fa5ca9a954c68a392dc05f1138fcfff13a7e813a8e9280c5fc426fbac27b87b1ab8385c3030c5773f3dac5ef3aeacb7279b10b24a33c44b83116eafe7746dc

  • SSDEEP

    96:8y+cAl5azln+DtZog0HFxMUnZziKFe8LDmQIjK:8OAl0z8DjEHgUngKYQDm2

Malware Config

Extracted

Family

medusalocker

Ransom Note

    Your personal […]ll your important files have been encrypted!
    Your files are safe! Only modified. (RSA+AES)
    ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE WILL PERMANENTLY CORRUPT IT.
    DO NOT MODIFY ENCRYPTED FILES.
    DO NOT RENAME ENCRYPTED FILES.
    No software available on internet can help you. We are the only ones able to solve your problem.
    We gathered highly confidential/personal data. These data are currently stored on a private server. This server will be immediately destroyed after your payment. If you decide to not pay, we will release your data to public or re-seller. So you can expect your data to be publicly available in the near future..
    We only seek money and our goal is not to damage your reputation or prevent your business from running.
    You will can send us 2-3 non-important files and we will decrypt it for free to prove we are able to give your files back.
    Contact us for price and get decryption software.
    qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion
    * Note that this server is available via Tor browser only
    Follow the instructions to open the link:
    1. Type the addres "https://www.torproject.org" in your Internet browser. It opens the Tor site.
    2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.
    3. Now you have Tor browser. In the Tor Browser open qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion
    4. Start a chat and follow the further instructions.
    If you can not use the above link, use the email:
    diniaminius@winrof.com
    soterissylla@wyseil.com
    * To contact us, create a new free email account on the site: protonmail.com
    IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
    http://gvlay6u4g53rxdi5.onion/21-9wA3X0WIwPScg5iK8DAPnytF2A39PT2k-hMQfbvjG22i8ESdZuQIXCLdas5a7CJhY

Emails

diniaminius@winrof.com
soterissylla@wyseil.com

URLs

http://gvlay6u4g53rxdi5.onion/21-9wA3X0WIwPScg5iK8DAPnytF2A39PT2k-hMQfbvjG22i8ESdZuQIXCLdas5a7CJhY

Targets

    • Target

      d6253e1c76dcfaaaf5a4db139cf48356

    • Size

      5KB

    • MD5

      d6253e1c76dcfaaaf5a4db139cf48356

    • SHA1

      497efab934d20f91d890a867d25d5d022e2cebe8

    • SHA256

      1bada4abe468cacb7106a3c57dc2e7436abbbf9c62f4387909e5f8d00fb6c45b

    • SHA512

      06fa5ca9a954c68a392dc05f1138fcfff13a7e813a8e9280c5fc426fbac27b87b1ab8385c3030c5773f3dac5ef3aeacb7279b10b24a33c44b83116eafe7746dc

    • SSDEEP

      96:8y+cAl5azln+DtZog0HFxMUnZziKFe8LDmQIjK:8OAl0z8DjEHgUngKYQDm2

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks