Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2025-01-25_bdf6ac02664baea655b103d50bdfd6ec_avoslocker_cobalt-strike_luca-stealer
-
Size
624KB
-
Sample
250125-qqgbjavjhv
-
MD5
bdf6ac02664baea655b103d50bdfd6ec
-
SHA1
6613e813d28527f905e23ead7ed66c43d85f5894
-
SHA256
df0f05469702bd70c49045dcbbefc65e735f4116bdb12526cd16110472a51dc8
-
SHA512
c1fd604fbb20b8950d2b9e05fa1c3329c3c13684002750a3ec67c2ac15ce22f52a4296afb962140d057b1e340afc01174a0d7bfa298d57259f01c6fb908ea1bc
-
SSDEEP
12288:mS926SXIb0z9GjskXErHDoBEA8xQJfIGIB6SKYvd+JCexsE2Nts6hElgE0sFwEjV:9nhAJkJmVSvGWEc3v/KwkoaRshWP3et5
Malware Config
Targets
-
-
Target
2025-01-25_bdf6ac02664baea655b103d50bdfd6ec_avoslocker_cobalt-strike_luca-stealer
-
Size
624KB
-
MD5
bdf6ac02664baea655b103d50bdfd6ec
-
SHA1
6613e813d28527f905e23ead7ed66c43d85f5894
-
SHA256
df0f05469702bd70c49045dcbbefc65e735f4116bdb12526cd16110472a51dc8
-
SHA512
c1fd604fbb20b8950d2b9e05fa1c3329c3c13684002750a3ec67c2ac15ce22f52a4296afb962140d057b1e340afc01174a0d7bfa298d57259f01c6fb908ea1bc
-
SSDEEP
12288:mS926SXIb0z9GjskXErHDoBEA8xQJfIGIB6SKYvd+JCexsE2Nts6hElgE0sFwEjV:9nhAJkJmVSvGWEc3v/KwkoaRshWP3et5
Score10/10-
Medusa Ransomware
Ransomware first identified in 2022 that is distinct from the similarly named ransomware family MedusaLocker.
-
Medusaransomware family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (8848) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Network Share Discovery
Attempt to gather information on host network.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Share Discovery
1Peripheral Device Discovery
1Query Registry
1Remote System Discovery
1System Information Discovery
1System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1