General

Target:  16292016324.zip
Size:    318KB
Sample:  240328-nwmdmabf4v
MD5:     67234c010fd5e8a3bfd0e7b97bb073b4
SHA1:    b54b8529bf6b619d3925e03520d9b15c6d39f8bc
SHA256:  36af28c859f4c922bc45b7260e45f0ddcd2ffa7e6002529e567b48ba18c81936
SHA512:  f19a4ee61662779d95fe5922231509a4071c2500115af9e9c144927ead30378529aa066a33752c1c3e98413d9be85f45f22fb26315053d3ef08773e7188436aa
SSDEEP:  6144:6fALD+s6xqk2soQScgmAmXUpANO4p6jQQyxBAGCrSCh/ZMMmhbLAU9VWKlxq:6aD0qk21mAmkONOWQEBAGkh/65hQUrU

Static task:      static1
Behavioral task:  behavioral1
  Sample:    3e19d1653c08206c55e1f835bd890b067b652b99a7b38bad4d78ad7490c6a0f8.exe
  Resource:  win7-20240221-en
Behavioral task:  behavioral2
  Sample:    3e19d1653c08206c55e1f835bd890b067b652b99a7b38bad4d78ad7490c6a0f8.exe
  Resource:  win10v2004-20240226-en

Malware Config

Extracted
  Ransom note path:  F:\!!!READ_ME_MEDUSA!!!.txt
  Email address:     MedusaSupport@cock.li
  Tor (.onion) URLs: http://medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion/
                     http://medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion/3f644030262c44777661abe5ed467ba2

Targets

Target:  3e19d1653c08206c55e1f835bd890b067b652b99a7b38bad4d78ad7490c6a0f8
Size:    622KB
MD5:     49b53d3c715ec879efeb51d386b9d923
SHA1:    78daa8b99d2fa422926465f36e13f31587b9e142
SHA256:  3e19d1653c08206c55e1f835bd890b067b652b99a7b38bad4d78ad7490c6a0f8
SHA512:  1a9f0260dc83bd496908da59a643d9889aa26ff8efa1db7468c94272b24943dc9de82c631bf80f76984c4d62324ef6c1429e75942745bfae28eca0a974d5fa75
SSDEEP:  12288:/bI6gQJDmr2HPjac75C/YJ+U1B+9UzS9IUW3synhZAgUeevPOEaXBHEdj507nCQp:jnj14lgXDRu6eA7b9OgYgm41PGE0kF
Score: 10/10

- Renames multiple (8861) files with added filename extension
  Consistent with ransomware encrypting files across the system and appending an extension to each.
- Modifies Installed Components in the registry
- Drops startup file
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
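The behavioural signatures above are what the sandbox observed; turning them into a detection means counting, per process, renames that append one consistent extension, watching for a note file dropped directly in a drive root (as with F:\!!!READ_ME_MEDUSA!!!.txt), and noting file activity on drives other than C:. The Python below is an added example written for this page, not code from the sandbox or from any vendor. It runs over a constructed, simplified (pid, op, src, dst) event stream; the RENAME_THRESHOLD value, the event shape and the ".locked" stand-in extension are assumptions (the report gives the rename count but does not name the extension the sample appends).

```python
"""Behavioural triage over file-system events for the indicators in this
report: mass renames that append an extension, a ransom note dropped in a
drive root, and file activity on drives other than C:.

Added example, not part of the sandbox report or of any vendor's tooling.
The (pid, op, src, dst) event stream is a constructed simplification; real
telemetry (Sysmon file-create/rename events, EDR exports) needs its own parser.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass, field
import ntpath
import re

RENAME_THRESHOLD = 50                                  # assumption: tune per environment
NOTE_NAME = re.compile(r"READ_?ME", re.IGNORECASE)     # matches !!!READ_ME_MEDUSA!!!.txt
DRIVE_ROOT_FILE = re.compile(r"^[A-Za-z]:\\[^\\]+$")   # a file directly under X:\
DRIVE = re.compile(r"^([A-Za-z]):\\")


@dataclass
class ProcessProfile:
    added_exts: Counter = field(default_factory=Counter)  # appended ext -> rename count
    drives: set = field(default_factory=set)              # drive letters touched
    root_notes: list = field(default_factory=list)        # note-like files created in a drive root


def added_extension(src, dst):
    """Return the extension appended by a rename (dst == src + '.ext'), else None.

    The appended part must not contain a path separator, so moving a file into a
    directory whose name starts with the old filename is not counted.
    """
    if src is None or dst is None:
        return None
    if not dst.lower().startswith(src.lower() + "."):
        return None
    tail = dst[len(src):]
    return tail.lower() if "\\" not in tail else None


def drive_of(path):
    """Upper-case drive letter of a Windows path, or None."""
    m = DRIVE.match(path) if path else None
    return m.group(1).upper() if m else None


def profile_events(events):
    """Aggregate (pid, op, src, dst) events into per-process indicator counts."""
    profiles = defaultdict(ProcessProfile)
    for pid, op, src, dst in events:
        p = profiles[pid]
        for path in (src, dst):
            d = drive_of(path)
            if d:
                p.drives.add(d)
        if op == "rename":
            ext = added_extension(src, dst)
            if ext:
                p.added_exts[ext] += 1
        elif op == "create" and src and DRIVE_ROOT_FILE.match(src) \
                and NOTE_NAME.search(ntpath.basename(src)):
            p.root_notes.append(src)
    return profiles


def score(p):
    """Return (hits, reasons); each report indicator that fires adds one hit."""
    reasons = []
    if p.added_exts:
        ext, n = p.added_exts.most_common(1)[0]
        if n >= RENAME_THRESHOLD:            # many files, one consistent extension
            reasons.append(f"renamed {n} files adding {ext}")
    if p.root_notes:
        reasons.append(f"dropped note in drive root: {p.root_notes[0]}")
    others = sorted(p.drives - {"C"})
    if others:
        reasons.append(f"touched non-system drives {others}")
    return len(reasons), reasons


def triage(events):
    """Map pid -> (hits, reasons) for every process seen in the stream."""
    return {pid: score(p) for pid, p in profile_events(events).items()}


def constructed_events():
    """Constructed sample stream. '.locked' is a stand-in: the report counts
    8861 renames but does not name the extension the sample appends."""
    events = []
    for i in range(60):
        src = f"{'D' if i % 2 else 'F'}:\\share\\doc{i}.docx"
        events.append((4120, "rename", src, src + ".locked"))
    events.append((4120, "create", "F:\\!!!READ_ME_MEDUSA!!!.txt", None))
    for i in range(3):                       # benign editor making .bak copies on C:
        src = f"C:\\Users\\a\\notes{i}.txt"
        events.append((900, "rename", src, src + ".bak"))
    events.append((900, "create", "C:\\Users\\a\\Desktop\\README.txt", None))
    return events


if __name__ == "__main__":
    for pid, (hits, reasons) in triage(constructed_events()).items():
        print(pid, hits, reasons)
```

The rename check keys on the dominant appended extension rather than on any rename, because backup tools and editors also rename files with a new suffix but rarely do so for dozens of files at once; the threshold is the knob to tune against a baseline. The drive-root note check is deliberately loose (any READ_ME-style name directly under X:\) so it also catches notes written to mapped or secondary drives, which is where the enumerated-drives signature says the sample looks.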