MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58290a95e1795ec7312e4ce26bfff7e0fb7a620a3aac2627d3ae6c83f5a4bf60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MedusaLocker


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 58290a95e1795ec7312e4ce26bfff7e0fb7a620a3aac2627d3ae6c83f5a4bf60
SHA3-384 hash: 8a16c9a2c3eb33463a037e686ed10623580fef504ec967303f41fc85d677a81736a0b866bc9e8e8a51bb4bc9fcd894a0
SHA1 hash: 8a7cc5c0f41ae45064a88ec67ab0e8a3ca2514f2
MD5 hash: 35271695a6202c514fef4520d49886ea
humanhash: violet-delta-low-burger
File name:ransomware
Download: download sample
Signature MedusaLocker
Create hunting rule
File size:694'784 bytes
First seen:2020-06-30 07:42:46 UTC
Last seen:2020-06-30 08:32:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f2a8a842c869f344b4d75729bc60feed (8 x MedusaLocker)
ssdeep 12288:cPJ4U0TYQivI2qZ7aSgLwkFVpzUvest4ZEbjJLuRJVoM7:JzTYVQ2qZ7aSgLwuVfstRJLaYM
Threatray 6 similar samples on MalwareBazaar
TLSH BDE48D1035C2C132E97315728EBD996E416DFD220B2728DBA3C8165E5FB99F27E32532
Reporter JAMESWT_WT
Tags:MedusaLocker

Intelligence

File Origin
# of uploads :
2
# of downloads :
175
Origin country :
n/a
Vendor Threat Intelligence
Detection:
MedusaLocker
Create hunting rule
Link:
https://www.capesandbox.com/analysis/16921/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/58290a95e1795ec7312e4ce26bfff7e0fb7a620a3aac2627d3ae6c83f5a4bf60/
Threat name:
Win32.Ransomware.MedusaLocker
Create hunting rule
Status:
Malicious
First seen:
2020-05-30 14:28:46 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
39 of 48 (81.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lauqvfpbpfpmomjojtrgx77x4d5xuyqkhkwcmj6tvzwih5nex5qa._file
Verdict:
malicious
Similar samples:
0aa6ad540cef4f7c3583accdb2d103681f2ebf066928df8760f2b5668fbd58f2
MedusaLocker
50a672f57c59c6c3658e484c1c271f358ef2a92596242c77eb8aba6b46465e97
MedusaLocker
8597f458f1dcc5ecdf209d9c98b1f72c2fce2486236a3ae73adbe26fb6f9c671
MedusaLocker
8b9bdc5cf5534d377a6201d1803a5aa0915b93c9df524307118fd61f361bdba2
MedusaLocker
9c76a29d9349d21165a916b11ded6139a3cc066d3c59880a5b9016d42ea948fd
MedusaLocker
bc8487f444ed159dc422bc062c47141357eb64fc49838e5bfd758e05a8317343
MedusaLocker
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion trojan ransomware spyware persistence
Link:
https://tria.ge/reports/200630-ns1w3kbn4j/
Behaviour
Interacts with shadow copies
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Checks whether UAC is enabled
Drops desktop.ini file(s)
Enumerates connected drives
Reads user/profile data of web browsers
Executes dropped EXE
Deletes shadow copies
UAC bypass
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/16921/

Comments