General

  • Target

    xxx.exe

  • Size

    208KB

  • Sample

    210323-hfx4t3px1x

  • MD5

    3c08d1e5233c623bfc854879173544de

  • SHA1

    a1add1d1e80d84440fc013abcc754f1bdddf3a20

  • SHA256

    956246824d2fb2f5f4738c450e8d222042b08c3e5c67c3ec755bedf641b7b1c5

  • SHA512

    01adb468d0318f44532f5222fff6f06eb5128b6b368d2a939b0e5c54da592784e793f97a1a9617f908cf0b2b61c61253ec0157433faf3894cc34e63fbbc5a943

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note

contact balance of shadow universe Ryuk

$password = 'UDmHKcEqZ';
$torlink = 'http://lgjpuim5fe3pejmllygcffape3djui6k2a5pcbpuyvps3h4ajb7yf4id.onion';
function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};
URLs

http://lgjpuim5fe3pejmllygcffape3djui6k2a5pcbpuyvps3h4ajb7yf4id.onion
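The extracted config above comes from the JavaScript embedded in RyukReadMe.html: the victim-specific password and the Tor contact link are plain string assignments. As an added example (not part of the sandbox report and not Ryuk's own code), the Python below parses those two values out of the note text, strips the HTML wrapper when handed the raw dropped file, and checks that the link is a well-formed v3 onion address (56 base32 characters) before treating it as an IOC. The note body is reproduced from the report; the function names and the HTML wrapper used in the test are assumptions.

```python
import re

# Ransom note body as shown in the report (constructed here from the extracted
# config; the real C:\users\Public\RyukReadMe.html wraps this in HTML tags).
RYUK_NOTE = r"""contact balance of shadow universe Ryuk
$password = 'UDmHKcEqZ';
$torlink = 'http://lgjpuim5fe3pejmllygcffape3djui6k2a5pcbpuyvps3h4ajb7yf4id.onion';
function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};
"""

# Matches JS assignments of the form  $name = '...';  (single or double quotes).
# References such as  " + $torlink + "  have no '=' after the name and are skipped.
ASSIGN_RE = re.compile(r"\$(?P<name>\w+)\s*=\s*(?P<q>['\"])(?P<val>.*?)(?P=q)\s*;")

# Tor v3 onion service: exactly 56 base32 characters followed by ".onion".
# Shorter (v2) or malformed hosts are rejected rather than recorded as IOCs.
ONION_V3_RE = re.compile(r"^(?:https?://)?([a-z2-7]{56})\.onion(?:/.*)?$")


def html_to_text(html: str) -> str:
    """Drop HTML tags but keep everything between them, including <script> bodies."""
    return re.sub(r"<[^>]+>", "\n", html)


def extract_ryuk_config(note: str) -> dict:
    """Pull the victim password and Tor contact link out of a Ryuk note body.

    Returns None for fields that are absent so a caller can tell "not found"
    from a real value; onion_valid is False unless the link is a v3 address.
    """
    assigns = {m.group("name"): m.group("val") for m in ASSIGN_RE.finditer(note)}
    torlink = assigns.get("torlink")
    onion = ONION_V3_RE.match(torlink) if torlink else None
    return {
        "password": assigns.get("password"),
        "torlink": torlink,
        "onion_host": f"{onion.group(1)}.onion" if onion else None,
        "onion_valid": onion is not None,
    }


def extract_from_file(path: str) -> dict:
    """Convenience wrapper for the dropped RyukReadMe.html on disk (assumed path)."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return extract_ryuk_config(html_to_text(fh.read()))


if __name__ == "__main__":
    for key, value in extract_ryuk_config(RYUK_NOTE).items():
        print(f"{key}: {value}")
```

The extractor deliberately keys on the `$name = '...';` shape rather than on the surrounding prose, since the alert text varies between Ryuk builds while the two assignments are what an analyst needs to pivot on.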

Targets

    • Target

      xxx.exe

    • Size

      208KB

    • MD5

      3c08d1e5233c623bfc854879173544de

    • SHA1

      a1add1d1e80d84440fc013abcc754f1bdddf3a20

    • SHA256

      956246824d2fb2f5f4738c450e8d222042b08c3e5c67c3ec755bedf641b7b1c5

    • SHA512

      01adb468d0318f44532f5222fff6f06eb5128b6b368d2a939b0e5c54da592784e793f97a1a9617f908cf0b2b61c61253ec0157433faf3894cc34e63fbbc5a943

    • Ryuk

      Ransomware deployed as a late-stage payload on networks already compromised by an existing botnet, most often TrickBot or Emotet.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks