Overview

overview

10

Static

static

c68395e474...in.exe

windows7_x64

10

c68395e474...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c68395e474088d5339972e2bf5a30f3c.bin

  • Size

    119KB

  • Sample

    210317-w3pgez3hv6

  • MD5

    c68395e474088d5339972e2bf5a30f3c

  • SHA1

    502e42240969399c09337ecc7b5ca8fc1ba4baf3

  • SHA256

    9eb7abf2228ad28d8b7f571e0495d4a35da40607f04355307077975e271553b8

  • SHA512

    5320fe8144071dde940ebd0285e6fcf573d36c28ea51fca3b5aecc49bfe5ffcf25d1afbd294e0d0b565a3a621d5ea189b075d868bbef521f2e1fe6702e8be75a

Score
10/10
ryukdiscoveryransomware

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note
contact balance of shadow universe Ryuk $password = 'BVb1qR2'; $torlink = 'http://oc6mkf4efqrjp2ue6qp6vmz4ofyjmlo6dtqiklqb2q546bnqeu66tbyd.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};
URLs

http://oc6mkf4efqrjp2ue6qp6vmz4ofyjmlo6dtqiklqb2q546bnqeu66tbyd.onion

Targets

    • Target

      c68395e474088d5339972e2bf5a30f3c.bin

    • Size

      119KB

    • MD5

      c68395e474088d5339972e2bf5a30f3c

    • SHA1

      502e42240969399c09337ecc7b5ca8fc1ba4baf3

    • SHA256

      9eb7abf2228ad28d8b7f571e0495d4a35da40607f04355307077975e271553b8

    • SHA512

      5320fe8144071dde940ebd0285e6fcf573d36c28ea51fca3b5aecc49bfe5ffcf25d1afbd294e0d0b565a3a621d5ea189b075d868bbef521f2e1fe6702e8be75a

    Score
    10/10
    ryukdiscoveryransomware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks