Overview

overview

10

Static

static

galadriel

windows7_x64

10

Resubmissions

02-11-2020 09:26

201102-arw84b2l7a 10

01-11-2020 18:55

201101-6vvhqyxv6n 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d5d744e0f7984ec01593da35f26bf24e95e4b1cc8bd1c0ff4f31de5dbf94e38f.bin.sample

  • Size

    133KB

  • Sample

    201102-arw84b2l7a

  • MD5

    ba59b52b445f45aaf8fb707445587b48

  • SHA1

    4d8a885624f580a3578026acae4f0bd53032db5d

  • SHA256

    d5d744e0f7984ec01593da35f26bf24e95e4b1cc8bd1c0ff4f31de5dbf94e38f

  • SHA512

    be951dca8946e187aacc86ef16fa319e6524191286316e3f387d21b1797f92dea6aa0f37ae47efd60f5fb7ccb342135049bb3753bbb35941438f6a690bae3137

Score
10/10
ryukdiscoveryransomwarespyware

Malware Config

Targets

    • Target

      d5d744e0f7984ec01593da35f26bf24e95e4b1cc8bd1c0ff4f31de5dbf94e38f.bin.sample

    • Size

      133KB

    • MD5

      ba59b52b445f45aaf8fb707445587b48

    • SHA1

      4d8a885624f580a3578026acae4f0bd53032db5d

    • SHA256

      d5d744e0f7984ec01593da35f26bf24e95e4b1cc8bd1c0ff4f31de5dbf94e38f

    • SHA512

      be951dca8946e187aacc86ef16fa319e6524191286316e3f387d21b1797f92dea6aa0f37ae47efd60f5fb7ccb342135049bb3753bbb35941438f6a690bae3137

    Score
    10/10
    ryukdiscoveryransomwarespyware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks