General
Target: 16244291484.zip
Size: 320KB
Sample: 240328-nwtgyahd22
MD5: 6abf04586d40a8d40ceafe61a2e392b3
SHA1: c98e606d25d8646e973b8d9471f2de4c0877d45c
SHA256: d82db3bb340acdda3ef3c5c0441fcc081064b8544c357c47913122af49d1d6d8
SHA512: fa15f4de1500671e037e3c137ed7a8d4ae5f5ff4748c54185b1008e3b67322abad31bff48c730d2c4f5ab8cddd736a39fbbaeb8b57cc983c12dc4aa6e0929900
SSDEEP: 6144:lqw0hiKjUbV4FXfVrPXjYLvyk/YU0tZvnpdRAMgDm8T2lyVQ/8C933j:lyhrEKvp68U05f9zh33j
Static task: static1
Behavioral task: behavioral1
    Sample: 4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe
    Resource: win7-20231129-en
Behavioral task: behavioral2
    Sample: 4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe
    Resource: win10v2004-20240226-en
Malware Config
Extracted
C:\$Recycle.Bin\!!!READ_ME_MEDUSA!!!.txt
medusa.support@onionmail.org
http://medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion/
http://medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion/227098164ef1fdb119ef537986bbdf24
Targets
Target: 4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6
Size: 624KB
MD5: 84b88ac81e4872ff3bf15c72f431d101
SHA1: 0823d067541de16325e5454a91b57262365a0705
SHA256: 4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6
SHA512: 185691b0103669c5aa25b22c36f29ddb66f074e0f2e3ae6a36ed8917c35f1fba71fba65c11c3211ce64f6c5919ac879ce0fdcc4dddae420cbecf40711dff1860
SSDEEP: 12288:V4eCA30wfnlxvaUwZNf6qYID7ZJuIQOsknZh20QyCkje0ZM7qgbGKTO7muYpralU:3C8valgsDyfSBKXyMUkW2LILGBm3IzPB
Score: 10/10
Renames multiple (8487) files with added filename extension
    This suggests ransomware activity: encrypting all the files on the system.
Drops desktop.ini file(s)
Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.