MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8597f458f1dcc5ecdf209d9c98b1f72c2fce2486236a3ae73adbe26fb6f9c671. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: MedusaLocker
Vendor detections: 5


SHA256 hash: 8597f458f1dcc5ecdf209d9c98b1f72c2fce2486236a3ae73adbe26fb6f9c671
SHA3-384 hash: 70b77bc947e1dfbc173a1856f97418b45924099569428d49798500e90580115a928dd09c21a68588abc67ef0d1217c8d
SHA1 hash: fc31989737dcf21b73bc0956220852dfab2cb549
MD5 hash: 858ffbe870a7454c4a59f889d8d49169
humanhash: robert-aspen-sweet-mountain
File name: svhost.bin
Signature: MedusaLocker
File size: 694'784 bytes
First seen: 2020-06-29 08:07:55 UTC
Last seen: 2020-06-29 08:42:06 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f2a8a842c869f344b4d75729bc60feed (8 x MedusaLocker)
ssdeep: 12288:cPJ4U0TYQivI2qZ7aSgLwkFVpzUvest4ZEbjJLu5JVoM7:JzTYVQ2qZ7aSgLwuVfstRJLmYM
Threatray: 6 similar samples on MalwareBazaar
TLSH: 4EE48D1035C2C132E97315728EBD996E416DFD220B2728DBA3C8165E5FB99F27E32532
Reporter: JAMESWT_WT
Tags: MedusaLocker

Intelligence

File Origin
# of uploads: 3
# of downloads: 175
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Ransomware.MedusaLocker
Status: Malicious
First seen: 2020-06-29 08:09:05 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 28 of 29 (96.55%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: evasion trojan ransomware persistence spyware

Behaviour
System policy modification
Interacts with shadow copies
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Drops desktop.ini file(s)
Checks whether UAC is enabled
Enumerates connected drives
Reads user/profile data of web browsers
Executes dropped EXE
Deletes shadow copies
UAC bypass
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments