General
Target: 16235251398.zip
Size: 318KB
Sample: 240328-mr866aaf2y
MD5: 3126b2565d3fec5d37e57de6e52d6813
SHA1: 16e6351d6e4e5e4ecd6a4d46796b184cff45da51
SHA256: fe7b7e66461a7d806d4d2f5e6fad20499e4bc1de500a4d8cc46c5a6442f6b473
SHA512: 797b7fa3c37c7f627bb8b7930e3eb03473418b13ca9de3bf7be28291d466c81256ce370484bcc5dbef078249a9435fddf197950165860caaf5f254081a053ffd
SSDEEP: 6144:7B1SFbv1na8+Jf1byxtRBJPGSH3OQ6+FOLjb6l0D4wOLL+DPpgs:7BAv1a88fpyPRz7NT2vOLLov
Static task: static1
Behavioral task: behavioral1
Sample: 94f420e16a4eb5154076895cd8c5f677db4273d37d44b81e1d04b26e851b69fe.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 94f420e16a4eb5154076895cd8c5f677db4273d37d44b81e1d04b26e851b69fe.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted from: F:\!!!READ_ME_MEDUSA!!!.txt
- MedusaSupport@cock.li
- http://xfv4jzckytb4g3ckwemcny3ihv4i5p4lqzdpi624cxisu35my5fwi5qd.onion/
- http://wt26mlupk5sl6fmc675pbnsxnehf6dgkehb4vdp4uokbph3bb3il35id.onion/
- http://medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion/817cbe1cbf9330a3a712d04e151f6d6d
Targets
Target: 94f420e16a4eb5154076895cd8c5f677db4273d37d44b81e1d04b26e851b69fe
Size: 622KB
MD5: f05b57cdc3420acc359efe9e4941c428
SHA1: c06377e90b73bb25d30d385d7e75ae500c7bdc16
SHA256: 94f420e16a4eb5154076895cd8c5f677db4273d37d44b81e1d04b26e851b69fe
SHA512: f5f666f0eeaa12f6896a00f41e07b4333e8afd9cf97f0358eed07c302a911cb56e20c7c52b8dc6c3388a0549a5bda0572141c7c7747029c97fd5f9a682563736
SSDEEP: 12288:2AkaGQbDzAaAHZsznxmFoKXjHjq0eO7xWmgTWJJCy50+z63LcTpQ2vkV+3a3Jl94:2AvrggdqUjeLFsmXWfhANTSw0u6POokl
Score: 10/10
- Renames multiple (8861) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Modifies Installed Components in the registry
- Drops startup file
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.