General

  • Target

    ec3da4ac9ec917e66ab943ab149119807922f64f2e4960ebadc36fe7520b300f.exe

  • Size

    134KB

  • Sample

    201030-s3yv6arcj2

  • MD5

    0a0b0ac20e9fe72753e74def1e37724f

  • SHA1

    fd683b33ee10ba92e485f76fbad9b48a2e697358

  • SHA256

    ec3da4ac9ec917e66ab943ab149119807922f64f2e4960ebadc36fe7520b300f

  • SHA512

    3f5d8b747955fc5926767c04be7c7d414205d01e8a2e586d3e94f2a4da756b56b15a795ec5847894b21b39fba7d595d18898df60375c126998e6b638cf78a759

Malware Config

Targets

    • Target

      ec3da4ac9ec917e66ab943ab149119807922f64f2e4960ebadc36fe7520b300f.exe

    • Size

      134KB

    • MD5

      0a0b0ac20e9fe72753e74def1e37724f

    • SHA1

      fd683b33ee10ba92e485f76fbad9b48a2e697358

    • SHA256

      ec3da4ac9ec917e66ab943ab149119807922f64f2e4960ebadc36fe7520b300f

    • SHA512

      3f5d8b747955fc5926767c04be7c7d414205d01e8a2e586d3e94f2a4da756b56b15a795ec5847894b21b39fba7d595d18898df60375c126998e6b638cf78a759

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v6

Tasks