Analysis Overview
SHA256
3759cf4c50d72baeed4415c9d5ac798d6a663e85dc85031cf207d4aa57130655
Threat Level: Known bad
The file 2024-06-13_6ada2de2e067c5e7128f1ac950035e6d_cobalt-strike_medusa-locker was found to be: Known bad.
Malicious Activity Summary
MedusaLocker payload
Medusalocker family
Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Detects command variations typically used by ransomware
Unsigned PE
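The summary above names a "command variations typically used by ransomware" signature but records no matching command line. The block below is an added example, not part of the report and not the sandbox's own signature logic: it runs a small set of case-insensitive rules for the recovery-inhibiting commands most ransomware families issue (shadow-copy deletion, disabling Windows recovery, backup-catalog deletion, all mapped to MITRE ATT&CK T1490 Inhibit System Recovery) over a constructed list of process command lines. The sample command lines, the rule names and the two-rule threshold in `verdict()` are assumptions made for the example; nothing in it is taken from this detonation.

```python
import re
from dataclasses import dataclass

# Constructed sample process command lines for the example. They are NOT
# taken from the report above, which records no command-line indicators.
SAMPLE_CMDLINES = [
    r'"C:\Users\Admin\AppData\Local\Temp\sample.exe"',
    r'vssadmin.exe Delete Shadows /All /Quiet',
    r'wmic.exe shadowcopy delete',
    r'bcdedit.exe /set {default} recoveryenabled No',
    r'bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures',
    r'wbadmin.exe delete catalog -quiet',
    r'vssadmin.exe list shadows',          # benign enumeration, must not match
    r'notepad.exe C:\Users\Admin\notes.txt',
]

# Each rule: (name, MITRE technique, compiled regex). Patterns are
# case-insensitive and tolerate the ".exe" suffix and extra arguments, which
# is what "command variations" means in practice. T1490 = Inhibit System Recovery.
RULES = [
    ("vssadmin shadow deletion", "T1490",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("wmic shadow deletion", "T1490",
     re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("bcdedit recovery disabled", "T1490",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("bcdedit boot status policy", "T1490",
     re.compile(r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
    ("wbadmin catalog deletion", "T1490",
     re.compile(r"\bwbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)\b", re.I)),
]


@dataclass(frozen=True)
class Hit:
    rule: str
    technique: str
    cmdline: str


def scan(cmdlines):
    """Return one Hit per (rule, command line) pair that matches."""
    hits = []
    for cmd in cmdlines:
        for name, technique, rx in RULES:
            if rx.search(cmd):
                hits.append(Hit(name, technique, cmd))
    return hits


def verdict(hits, threshold=2):
    """A single hit can be an administrator cleaning up old shadow copies;
    several distinct recovery-inhibiting commands inside one detonation is
    the pattern worth flagging. The threshold is an assumption for the example."""
    distinct_rules = {h.rule for h in hits}
    return "ransomware-like" if len(distinct_rules) >= threshold else "inconclusive"


if __name__ == "__main__":
    found = scan(SAMPLE_CMDLINES)
    for h in found:
        print(f"{h.technique}  {h.rule:<28}  {h.cmdline}")
    print("verdict:", verdict(found))
```

Run against real sandbox output, the input would be the process command lines from the behavioral sections; the two detonations below list only the sample itself, so on this report the scanner would return no hits and the "inconclusive" verdict.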
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 05:56
Signatures
Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects command variations typically used by ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
MedusaLocker payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Medusalocker family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 05:56
Reported
2024-06-13 05:58
Platform
win7-20231129-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_6ada2de2e067c5e7128f1ac950035e6d_cobalt-strike_medusa-locker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_6ada2de2e067c5e7128f1ac950035e6d_cobalt-strike_medusa-locker.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 05:56
Reported
2024-06-13 05:58
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_6ada2de2e067c5e7128f1ac950035e6d_cobalt-strike_medusa-locker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_6ada2de2e067c5e7128f1ac950035e6d_cobalt-strike_medusa-locker.exe"
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.43:443 | | tcp |