General

  • Target

    Samet B_y_k_zk_k.bin.zip

  • Size

    60KB

  • Sample

    210324-xxp1vv4776

  • MD5

    b8a70faa6039ec211f92d90f2c47c287

  • SHA1

    83c54f3d3c4335842a7c33df5625d3522e8bb763

  • SHA256

    3ef678ef77ee119b3fe2cf0650f31fb997edd7d15abc508e9738e554cd35e771

  • SHA512

    74f5b865bbb2c7546023ab9be48f5f5fb0b45e1bf51c3857315ca9b8bfbd1efa66551d7ea00cec0d320a1348b6280e1379098b15c357107a95e34470d3330633

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note

contact balance of shadow universe Ryuk
$password = 'BVb1qR2';
$torlink = 'http://oc6mkf4efqrjp2ue6qp6vmz4ofyjmlo6dtqiklqb2q546bnqeu66tbyd.onion';
function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};

URLs

http://oc6mkf4efqrjp2ue6qp6vmz4ofyjmlo6dtqiklqb2q546bnqeu66tbyd.onion
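
The ransom note config above is the JavaScript the sandbox pulled out of RyukReadMe.html: the operator contact details live in two variables ($password and $torlink) that the note's alert() body stitches together. The following is an added example, not code from the original report or from any sandbox vendor, showing how an analyst would turn that dump into indicators. It pulls every $var assignment and every .onion URL out of the note (so a variant with several mirrors is still captured in full) and checks that the Tor address is a 56-character v3 onion. The sample note embedded in the block is constructed from the text shown in this report; the function and class names are the example's own.

```python
"""Extract operator contact details from a Ryuk ransom note.

Added example, not part of the original sandbox report. Ryuk's
RyukReadMe.html embeds its instructions as JavaScript variables
($password, $torlink) plus an alert() body; the sandbox dumped that
script as the "Ransom Note" config. This parser pulls the fields back
out and validates the Tor address so they can be stored as indicators.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed from the extracted config shown in the report above.
SAMPLE_NOTE = (
    "contact balance of shadow universe Ryuk "
    "$password = 'BVb1qR2'; "
    "$torlink = 'http://oc6mkf4efqrjp2ue6qp6vmz4ofyjmlo6dtqiklqb2q546bnqeu66tbyd.onion'; "
    'function info(){alert("INSTRUCTION:\\r\\n1. Download tor browser.\\r\\n'
    '2. Open link through tor browser: " + $torlink + "\\r\\n'
    '3. Fill the form, your password: "+ $password +"\\r\\n'
    'We will contact you shortly.\\r\\nAlways send files for test decryption.");};'
)

# JavaScript-style assignment: $name = 'value'; or $name = "value";
# The alert() body only references $torlink/$password (no "="), so it
# does not produce false matches.
_VAR_RE = re.compile(r"\$(\w+)\s*=\s*(['\"])(.*?)\2\s*;")
# v3 onion services are 56 base32 chars; legacy v2 addresses were 16.
_ONION_RE = re.compile(r"https?://([a-z2-7]{56}|[a-z2-7]{16})\.onion\b")


@dataclass
class RyukNoteConfig:
    password: Optional[str]
    tor_links: List[str] = field(default_factory=list)
    variables: dict = field(default_factory=dict)


def parse_ryuk_note(text: str) -> RyukNoteConfig:
    """Return the $password, every .onion URL, and all $vars found in a note."""
    variables = {name: value for name, _quote, value in _VAR_RE.findall(text)}
    # Scan the whole note for onion URLs rather than trusting $torlink
    # alone, so notes with extra mirrors or inline links are fully captured.
    tor_links: List[str] = []
    for m in _ONION_RE.finditer(text):
        url = m.group(0)
        if url not in tor_links:
            tor_links.append(url)
    return RyukNoteConfig(
        password=variables.get("password"),
        tor_links=tor_links,
        variables=variables,
    )


def is_v3_onion(url: str) -> bool:
    """True if the URL's host is a 56-character v3 onion address."""
    m = _ONION_RE.match(url)
    return bool(m) and len(m.group(1)) == 56


if __name__ == "__main__":
    cfg = parse_ryuk_note(SAMPLE_NOTE)
    print("password :", cfg.password)
    for link in cfg.tor_links:
        print("tor link :", link, "(v3)" if is_v3_onion(link) else "(v2/unknown)")
```

The victim-specific password is what the operators use to tie a submission on the onion portal back to a particular infection, so it is worth recording alongside the file hashes; the onion URL is the indicator that is most likely to be shared across victims of the same campaign.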

Targets

    • Target

      Samet B_y_k_zk_k.bin

    • Size

      119KB

    • MD5

      c68395e474088d5339972e2bf5a30f3c

    • SHA1

      502e42240969399c09337ecc7b5ca8fc1ba4baf3

    • SHA256

      9eb7abf2228ad28d8b7f571e0495d4a35da40607f04355307077975e271553b8

    • SHA512

      5320fe8144071dde940ebd0285e6fcf573d36c28ea51fca3b5aecc49bfe5ffcf25d1afbd294e0d0b565a3a621d5ea189b075d868bbef521f2e1fe6702e8be75a

    • Ryuk

      Ryuk ransomware, typically deployed as the final stage of an intrusion that began with an existing botnet infection, most often TrickBot or Emotet.

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6