General
- Target: 16259167404.zip
- Size: 321KB
- Sample: 240328-nwry4sbf4z
- MD5: 94e797f17313dc5d704d2d026a842e3d
- SHA1: 9065e2ed6f99091c1ae62a298fe7aa11d85d9bce
- SHA256: 2c7b5579d3764bfbaddd63412f6f053acbd9998fd78fcead83aaa3e685d64a34
- SHA512: bd887cf7c0fb44e4b5601d3c06208bbaa5e7a216046d3868a3aded4af894998a087973b289697d059c642af0cea7d2063057450cc8c3472d9707545a1606009f
- SSDEEP: 6144:xzOgLEWrqFhj8mOHB70Zuj3An1WOMoEL05iKyWX22KpHF77i40AxgffkqyTnQeCR:lOgJmhjXOh/Qcoge2tHF7jxYs7TQRR
Static task: static1

Behavioral task: behavioral1
- Sample: 736de79e0a2d08156bae608b2a3e63336829d59d38d61907642149a566ebd270.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 736de79e0a2d08156bae608b2a3e63336829d59d38d61907642149a566ebd270.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
- Path: C:\$Recycle.Bin\!!!READ_ME_MEDUSA!!!.txt
- Emails: medusa.serviceteam@protonmail.com
- URLs:
  - https://breached.vc/Forum-Leaks
  - https://www.nulled.to/#!Leaks
  - https://t.me/+yXOcSjVjI9tjM2E0
  - http://medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion/
  - http://medusacegu2ufmc3kx2kkqicrlcxdettsjcenhjena6uannk5f4ffuyd.onion/6FpWYNh2VT8tLYAkeQ0P
Targets
- Target: 736de79e0a2d08156bae608b2a3e63336829d59d38d61907642149a566ebd270
- Size: 626KB
- MD5: 47386ee20a6a94830ee4fa38b419a6f7
- SHA1: ee4575cf9818636781677d63236d3dc65652deab
- SHA256: 736de79e0a2d08156bae608b2a3e63336829d59d38d61907642149a566ebd270
- SHA512: 85b2d6e3b5faa4f3e41c1e8f3fbeab484c0e156b66d58307d6fcf84ebe1d5a277d7bbbe209f05ec4db0a179bf72a8a7ea567ae7576b0cc591477893749bd61d2
- SSDEEP: 12288:fSNRvIULdPvv84Sex/nsroQ9QPooisHszx8a/ikU7fwgjMOJgf6aKX3RRGvRT735:QDvoxPN99AzRKSvXhQioLdGpjyzj+fNg
Score: 10/10

Signatures
- Renames multiple (8477) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.