Malware Analysis Report

2024-09-11 02:36

Sample ID 240624-ln8ksayhkr
Target 2024-06-24_91f04a8a9bd3b68f6b62479eb915af6f_cobalt-strike_medusa-locker
SHA256 6612271bac6fcdda5e7081ce6777018fad4bb0f32354cb281387a11c851bcc08
Tags
medusalocker
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6612271bac6fcdda5e7081ce6777018fad4bb0f32354cb281387a11c851bcc08

Threat Level: Known bad

The file 2024-06-24_91f04a8a9bd3b68f6b62479eb915af6f_cobalt-strike_medusa-locker was found to be: Known bad.

Malicious Activity Summary

medusalocker

Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Detects command variations typically used by ransomware

MedusaLocker payload

Medusalocker family

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-24 09:41

Signatures

Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Description    Indicator    Process    Target
N/A            N/A          N/A        N/A

Detects command variations typically used by ransomware

Description    Indicator    Process    Target
N/A            N/A          N/A        N/A

MedusaLocker payload

Description    Indicator    Process    Target
N/A            N/A          N/A        N/A

Medusalocker family

medusalocker

Unsigned PE

Description    Indicator    Process    Target
N/A            N/A          N/A        N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-24 09:41

Reported

2024-06-24 09:44

Platform

win7-20240220-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-24_91f04a8a9bd3b68f6b62479eb915af6f_cobalt-strike_medusa-locker.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-24_91f04a8a9bd3b68f6b62479eb915af6f_cobalt-strike_medusa-locker.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-24_91f04a8a9bd3b68f6b62479eb915af6f_cobalt-strike_medusa-locker.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-24 09:41

Reported

2024-06-24 09:44

Platform

win10v2004-20240611-en

Max time kernel

139s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-24_91f04a8a9bd3b68f6b62479eb915af6f_cobalt-strike_medusa-locker.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-24_91f04a8a9bd3b68f6b62479eb915af6f_cobalt-strike_medusa-locker.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-24_91f04a8a9bd3b68f6b62479eb915af6f_cobalt-strike_medusa-locker.exe"

Network

Country    Destination          Domain                            Proto
US         8.8.8.8:53           8.8.8.8.in-addr.arpa              udp
US         8.8.8.8:53           228.249.119.40.in-addr.arpa       udp
US         8.8.8.8:53           0.159.190.20.in-addr.arpa         udp
US         8.8.8.8:53           172.214.232.199.in-addr.arpa      udp
US         8.8.8.8:53           26.165.165.52.in-addr.arpa        udp
US         8.8.8.8:53           171.39.242.20.in-addr.arpa        udp
US         8.8.8.8:53           88.156.103.20.in-addr.arpa        udp
US         8.8.8.8:53           13.227.111.52.in-addr.arpa        udp
US         8.8.8.8:53           tse1.mm.bing.net                  udp
US         150.171.28.10:443    tse1.mm.bing.net                  tcp
US         150.171.28.10:443    tse1.mm.bing.net                  tcp
US         150.171.28.10:443    tse1.mm.bing.net                  tcp
US         150.171.28.10:443    tse1.mm.bing.net                  tcp
US         8.8.8.8:53           10.28.171.150.in-addr.arpa        udp

Files

N/A