- First seen: September 2019
- Aliases: AKO
- Samples:
- 047afef95d0db82439c20da0bcd544af6d4b670f1417d7a4d51c940588d5e74c | windows | ransom | pe
- 3a5b015655f3aad4b4fd647aa34fda4ce784d75a20d12a73f8dc0e0d866e7e01 | windows | ransom | pe
| Property | Value |
|---|---|
| Size | 694784 bytes |
| CRC32 | 0xbce308a6 |
| MD5 | 47d3b5d4e9a2ffb63b78c8a6a5dc5939 |
| SHA1 | 5605157eae0ba33b13fe54745a68a9ceaa1e7216 |
| SHA256 | 047afef95d0db82439c20da0bcd544af6d4b670f1417d7a4d51c940588d5e74c |
| SHA512 | 5102fe7bcaab8c5506b9ac9a6bb44efb4c9018d2e37e2a718878d1ebfd49d9affcc1bebdcfd912e265e747ff8a6e9dcbc71034664709327e4865622d6e99ccbb |
| Ssdeep | 12288:cPJ4U0TYQivI2qZ7aSgLwkFVpzUvest4ZEbjJLuWJVoM7:JzTYVQ2qZ7aSgLwuVfstRJLpYM |
| Magic | PE32 executable (GUI) Intel 80386, for MS Windows |
| Packer | PE: compiler: Microsoft Visual C/C++(2017 v.15.9)[-] PE: linker: Microsoft Linker(14.16, Visual Studio 2017 15.9*)[EXE32] |
| TrID | 32.2% (.EXE) Win64 Executable (generic) (10523/12/4) 20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 15.4% (.EXE) Win16 NE executable (generic) (5038/12/1) 13.7% (.EXE) Win32 Executable (generic) (4505/5/1) 6.2% (.EXE) OS/2 Executable (generic) (2029/13) |
- Avast: Win32:RansomX-gen [Ransom]
- Avira: TR/Redcap.ejuim
- Bitdefender: Generic.Ransom.MedusaLocker.942644D7
- Clamav: Win.Ransomware.Medusalocker-9811271-0
- Comodo: Malware
- Drweb: Trojan.DownLoader33.34694
- Eset: Win32/Filecoder.MedusaLocker.C
- Fsecure: Trojan.TR/Redcap.ejuim
- Kaspersky: Trojan-Ransom.Win32.Medusa.aj
+ Mcafee: clean
+ Sophos: clean
- Symantec: Ransom.Cryptolocker
- Trendmicro: Ransom.Win32.MEDUSALOCKER.SMTH
- Windefender: Ransom:Win32/MedusaLocker.A!MTB
| Property | Value |
|---|---|
| Size | 676352 bytes |
| CRC32 | 0x215561cd |
| MD5 | 129d3661a7341d3b069868a43714b425 |
| SHA1 | 7ba4d0d2d606179c2aab2e2ebee975e05e3d74e1 |
| SHA256 | 3a5b015655f3aad4b4fd647aa34fda4ce784d75a20d12a73f8dc0e0d866e7e01 |
| SHA512 | d1725f222bdfbe6591f4c19919dbb942c1680656571c8f00376de593df28c252c1feedb5ed29dbc4ceecd916c320174632fa3222c87156922168efa1df8efb43 |
| Ssdeep | 12288:f+IZ+bobAyYFJPrsU4VwryxjpBx8ajiOhA8tsV1YRbRb7:2++EMyYFJPoUecOh8aWdD1UB7 |
| Magic | PE32 executable (GUI) Intel 80386, for MS Windows |
| Packer | PE: compiler: Microsoft Visual C/C++(-)[-] PE: linker: Microsoft Linker(14.22**)[EXE32] |
| TrID | 32.2% (.EXE) Win64 Executable (generic) (10523/12/4) 20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 15.4% (.EXE) Win16 NE executable (generic) (5038/12/1) 13.7% (.EXE) Win32 Executable (generic) (4505/5/1) 6.2% (.EXE) OS/2 Executable (generic) (2029/13) |
- Avast: Win32:Malware-gen
+ Avira: clean
- Bitdefender: Generic.Ransom.MedusaLocker.6E710591
- Clamav: Win.Ransomware.MedusaLocker-9811275-1
- Comodo: Malware
- Drweb: Trojan.Encoder.30026
- Eset: Win32/Filecoder.MedusaLocker.C
- Fsecure: Heuristic.HEUR/AGEN.1223884
- Kaspersky: Trojan-Ransom.Win32.Medusa.g
+ Mcafee: clean
- Sophos: Mal/Ransom-FX
- Symantec: Trojan.Gen.MBT
- Trendmicro: Ransom.Win32.MEDUSA.THJAFAI
- Windefender: Ransom:Win32/MedusaLocker.A!MTB
- https://www.picussecurity.com/resource/medusalocker-ransomware-analysis-simulation-and-mitigation
- https://www.blusapphire.com/blog/medusalocker-ransomware-identification-and-detection-in-a-live-environment
- https://cloudsek.com/technical-analysis-of-medusalocker-ransomware/
- https://blogs.vmware.com/security/2020/06/tau-threat-analysis-medusa-locker-ransomware.html
- https://www.cisa.gov/uscert/sites/default/files/publications/AA22-181A_stopransomware_medusalocker.pdf
- https://www.cybereason.com/blog/research/medusalocker-ransomware
- https://www.theta.co.nz/news-blogs/cyber-security-blog/part-1-analysing-medusalocker-ransomware/
- https://www.theta.co.nz/news-blogs/cyber-security-blog/part-2-analysing-medusalocker-ransomware/
- https://www.theta.co.nz/news-blogs/cyber-security-blog/part-3-analysing-medusalocker-ransomware/
- https://dissectingmalwa.re/try-not-to-stare-medusalocker-at-a-glance.html