Malware Analysis Report

2024-09-11 01:45

Sample ID 240613-gm124awgjf
Target 2024-06-13_6ada2de2e067c5e7128f1ac950035e6d_cobalt-strike_medusa-locker
SHA256 3759cf4c50d72baeed4415c9d5ac798d6a663e85dc85031cf207d4aa57130655
Tags
medusalocker
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3759cf4c50d72baeed4415c9d5ac798d6a663e85dc85031cf207d4aa57130655

Threat Level: Known bad

The file 2024-06-13_6ada2de2e067c5e7128f1ac950035e6d_cobalt-strike_medusa-locker was found to be: Known bad.

Malicious Activity Summary

medusalocker

MedusaLocker payload

Medusalocker family

Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Detects command variations typically used by ransomware

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:56

Signatures

Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Detects command variations typically used by ransomware

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

MedusaLocker payload

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Medusalocker family

medusalocker

Unsigned PE

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:56

Reported

2024-06-13 05:58

Platform

win7-20231129-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-13_6ada2de2e067c5e7128f1ac950035e6d_cobalt-strike_medusa-locker.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-13_6ada2de2e067c5e7128f1ac950035e6d_cobalt-strike_medusa-locker.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-13_6ada2de2e067c5e7128f1ac950035e6d_cobalt-strike_medusa-locker.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:56

Reported

2024-06-13 05:58

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-13_6ada2de2e067c5e7128f1ac950035e6d_cobalt-strike_medusa-locker.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-13_6ada2de2e067c5e7128f1ac950035e6d_cobalt-strike_medusa-locker.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-13_6ada2de2e067c5e7128f1ac950035e6d_cobalt-strike_medusa-locker.exe"

Network

Country | Destination       | Domain | Proto
US      | 52.111.229.43:443 |        | tcp

Files

N/A