Overview

overview

10

Static

static

galadriel

windows7_x64

10

Resubmissions

02-11-2020 09:24

201102-7dbe5bltjn 10

02-11-2020 08:10

201102-3my475sppj 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6594508477464576.zip

  • Size

    71KB

  • Sample

    201102-7dbe5bltjn

  • MD5

    0e77214161419f8e409ca2b7827011ca

  • SHA1

    7970b51a59e0969f0dc9a5658da73d50e2525922

  • SHA256

    8bd0c2de7af721194571df16912e01228e4e1d2a2f26470d7947f231c05b4269

  • SHA512

    d8069b6149dc1f49187332d0fbf6680224b83627f83fb6a7cbe1bc851960133a87a3289d8f41c497c300ea75ff99ad29d89f4ebfb903f956a778f814ace8a915

Score
10/10
ryukdiscoveryransomwarespyware

Malware Config

Targets

    • Target

      ec3da4ac9ec917e66ab943ab149119807922f64f2e4960ebadc36fe7520b300f

    • Size

      134KB

    • MD5

      0a0b0ac20e9fe72753e74def1e37724f

    • SHA1

      fd683b33ee10ba92e485f76fbad9b48a2e697358

    • SHA256

      ec3da4ac9ec917e66ab943ab149119807922f64f2e4960ebadc36fe7520b300f

    • SHA512

      3f5d8b747955fc5926767c04be7c7d414205d01e8a2e586d3e94f2a4da756b56b15a795ec5847894b21b39fba7d595d18898df60375c126998e6b638cf78a759

    Score
    10/10
    ryukdiscoveryransomwarespyware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks