ryuk

General

Target

a563c50c5fa0fd541248acaf72cc4e7d
Size

635KB
Sample

210311-n5b4nrzd9e
MD5

a563c50c5fa0fd541248acaf72cc4e7d
SHA1

4b8c12b074e20a796071aa50dc82fe2ff755e8f6
SHA256

180f82bbedb03dc29328e32e054069870a1e65078b78b2120a84c96aaed7d843
SHA512

d7c4c92b3eeb8cefe6d007b7b4fd79cbec388582ca0f3708d520a2c3e432d490d2f69ce365edbc1141f13e71ac473fed74a4367b7898af68d5c1e3b4e4899479

Score

10^/10

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note

contact balance of shadow universe Ryuk $password = '5GqsR1ewcO'; $torlink = 'http://piesa6sapybbrz63pqmmwdzyc5fp73b3uya5cpli6pp5jpswndiu44id.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};

URLs

http://piesa6sapybbrz63pqmmwdzyc5fp73b3uya5cpli6pp5jpswndiu44id.onion

Targets

- Target
  
  a563c50c5fa0fd541248acaf72cc4e7d
- Size
  
  635KB
- MD5
  
  a563c50c5fa0fd541248acaf72cc4e7d
- SHA1
  
  4b8c12b074e20a796071aa50dc82fe2ff755e8f6
- SHA256
  
  180f82bbedb03dc29328e32e054069870a1e65078b78b2120a84c96aaed7d843
- SHA512
  
  d7c4c92b3eeb8cefe6d007b7b4fd79cbec388582ca0f3708d520a2c3e432d490d2f69ce365edbc1141f13e71ac473fed74a4367b7898af68d5c1e3b4e4899479
Score

10^/10

ryuk dave discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Dave packer
  Detects executable packed with a packer named 'Dave' from the community, due to a string at the end of it.
  dave
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1

T1222

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Dave packer

Executes dropped EXE

Drops startup file

Loads dropped DLL

Modifies file permissions

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2