Overview

overview

10

Static

static

Test1

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec3da4ac9ec917e66ab943ab149119807922f64f2e4960ebadc36fe7520b300f.exe

  • Size

    134KB

  • Sample

    201030-s3yv6arcj2

  • MD5

    0a0b0ac20e9fe72753e74def1e37724f

  • SHA1

    fd683b33ee10ba92e485f76fbad9b48a2e697358

  • SHA256

    ec3da4ac9ec917e66ab943ab149119807922f64f2e4960ebadc36fe7520b300f

  • SHA512

    3f5d8b747955fc5926767c04be7c7d414205d01e8a2e586d3e94f2a4da756b56b15a795ec5847894b21b39fba7d595d18898df60375c126998e6b638cf78a759

Score
10/10
ryukdiscoveryransomwarespyware

Malware Config

Targets

    • Target

      ec3da4ac9ec917e66ab943ab149119807922f64f2e4960ebadc36fe7520b300f.exe

    • Size

      134KB

    • MD5

      0a0b0ac20e9fe72753e74def1e37724f

    • SHA1

      fd683b33ee10ba92e485f76fbad9b48a2e697358

    • SHA256

      ec3da4ac9ec917e66ab943ab149119807922f64f2e4960ebadc36fe7520b300f

    • SHA512

      3f5d8b747955fc5926767c04be7c7d414205d01e8a2e586d3e94f2a4da756b56b15a795ec5847894b21b39fba7d595d18898df60375c126998e6b638cf78a759

    Score
    10/10
    ryukdiscoveryransomwarespyware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks