ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

6444930527166464.zip
Size

7.8MB
Sample

210330-55329meva2
MD5

4a9819c2f6c56a1275165c507a00c6e5
SHA1

5f1ef638e5d1d90c77d00f7a2e10757d90667e98
SHA256

59a777daa0a5b26077c69c7cb26b7f72be6b38604b7caea7c6aef0e89991c748
SHA512

e8e0a2eee2e4ad464687717a2aa67b2dcd3708da7307f8ed4382f9a72502ad5c98dc329aa1aa60ca6232bb35e9ba2245ea53de280488fe87829d84b7ca83bf5a

Score

10^/10

http://ddchw6p2kegymsyoqljqnsslebfh5t7e45s6m2pqhhn5mt4yb3rlazyd.onion

Extracted

Credentials

Protocol: smtp
Host:
smtp.ionos.fr
Port:
587
Username:
[email protected]
Password:
pilote30

Extracted

Path

C:\bootmgr.txt

Ransom Note

We are human beings without a job, we are not looking for problems, we just want to feed our families, We encrypted all your files using a powerful algorithm. We ask you to pay a ransom of 500 euros to decrypt and restore your files. We guarantee your files will be fully opened Contact us by email to communicate the payment method : [email protected] [email protected] ***** What guarantee you? **** You can send one of your encrypted files on your computer and we decrypt it for free But we can only decrypt one file for free. The file must not contain valuable information. Write this ID 22B2BC15 in the title of your message You have 7 days to purchase your key from this date: If you exceed the deadline it will increase by $ 100 per day, so we advise you to respect the above mentioned deadlines;oJBM0DmdOi1pBzqw6qMro0QHaCHxcjdtKlvvnVFBoO9K+sdUDe2RguFBsc3qY50AwY8XAu0ECR079sh4BE7kepsRzedoOinR6q+EAR/OZYGhX2QdHsIeLXToczV6NO+noEiGvs1GprB62GwO2t/NsJ3gN3QBjSJnvF6Usuvu28PEMZnmU0lDNJ1k2EBxS4Q8X+JrcUTqJqesRw4S6MOVfMI/u9F5QWwsoW3ZAxXzy+3w6hkAtt4v5Br02MJ3+pIT7ExtYuWGVoblqSUSpulm7+Piam4Lnb1UtfFZJjyF5CX5ITUbmCiznd294pYfnsa60KwzhXr8l7rJirYm9V5eNykrOFlR2VPfEYOQbdSIUzet9NyJwbEN5Oa6LBE42DcJ/Vwik1unSDVOv8PaJCDTzjPKz7BMWH+NiBzHQfuL31tVaJCvlhx4Cw/hlpIraWnJfBqXnhodq0zZiJ/3XpjBQ2GTUAZwq6imSDmdavVSpH2qEsD30xwV9g1YN0E+ZqKmKVoiuvu+5r/uIs+EDeDgzhFuW4Litwng5TR2zPeS5/d4jwlyGvV6qrqY1NVwdXGU1bF1kChi67iNNRWSc4Um4o3qXL9EoyWqYdrA1XGp6VFSS4UK1O6sSSTRCU4yE0Aodd+tmhurejt7czVTnURjKDNuVB4Oh4TrBZdQ11CnemyajJi7RC4zNkXlMfxNAIAiXdY4J18RicD6CqccBWVPHs7z8O3KjaBiCUr+Xo/7oDzHfHzfnRWSWf0mzdbKOGSgMmshZPhEQ0xNy0D+OB5pV2hOovPcTib7MJnk3VuuQJaQw8oLjllm/xyRB3Rq1WBLcsNzIjOSXOGK0tX92nyCyS7AJiMkjKi+efoNEbsYri1ZOPeTd0pXqYo4BeXHvCRlMp3SV4/gZzsC4m5f/Loffq42dgUfgr+bKVv4o0p6kuksJBo8dmdFZGu4ropJJHlcLY5Tm8PnBzhq7QyHSm7CCvXm2JiWRMnacIeOL0ivLDBbWrX812dmG6ZOFPlWM25eFqs+nyZm33/zAcnj2E1w2IqegHwB4BMUvsBu5oQWhct75ar4/RGTI2bCVDQ+622fg3xPFd6LymI7JsegyG+866b0mgFuSIYILQtFzW5u/qNA43oPoy6EyNFXYtxsMT9K8EBxeqTaU+2eHXQpVpx20e4ws42pdL8T/5AuZYF0uGxWMY14VZu1Nun/LxtbY3+KO/U/VrtyUvZ6UCjexq5243PVTZuaNzUyFVJShHf5gq1qsbE9Frdl8Sh0Z+UW9AOg8Qun1WzNcKYQmtNjDG7F9DfumkAfVVT+dJJbIQ+sZ8PUrPVUlQdiDbGlbFbt1wHLMx0JdtNBdGLEuRJ9yhbGnsaM/bIG4W36ZTjyTitmIg/kX9mOMEiyAjfSN0LgABUnG1NOg3+cM/R1dAv/eOMPTs4ySG9hTHW41o/e7IN3a65UmNeIbNFR/ysa7EKz74jgt4KClS7/ClmMfu5vJYUVVXoWnYnjPqeA0M7+yjoo/hE1Tzb5PDOYWp+nDGW90kVUmpirdT1kpfPcQqy7Io6rHtAY1D1cqf2Rzun2mGyqEsd6t/7zgLCgHuYeVXdKGcpdgRyDx4Qsu4/zv7WUzzSgpDh5VoF8PkXAYepqT+fPmmCOwe2nheRP6IuHF1ynyoF53ULAb/W8/nw4eVaBfD5FwOgP6uCdLFBgUo1CHjoM0xexEH3HQRcfanueZTBTJxeYOHlWgXw+RcDCSpQbu2StdjH05N4/JsRGloegIo35yV+gXoPhR6KC9zh5VoF8PkXA1HFl47L2H4Hkm4b1mXSnmhRvHkmUKPQsXUhpbtpk6UZXR1iMbLyS2V7ldQFwrSGraf41lb+jMQAkVlvBbiObnF7nzCBjCb0fHyv2BuD9H4jMbKC9l5TbcT6bvfoC3rKZqeP+ySS5xvIKvDMsFk26b1qzDunnOhl7oYo8je/JgcFteVx+OT5BF+7ecQc+TOxpEGIXGfFrz9AD7Jh7pFKsCNffwkntAf4uFLQ9BKNz8kJKbpb2a/A5dxXmFElQoIyJCDhxhSt3/p588NMXK1qGLPK2IbHE33oJdSyhCCKaILaB0xRuFbyzK+xpnvxVSwQ0kVYz7cCc50+6EXnzD1CqGl9R37xW6y/hztpjUETD5ZUvMRbfyGj2KlO+MLORMyKQjadYWdQkGEoCbmi30YyMEeTn2qHAQG67H73mAJLqi/PS+wFcX4OdDsJ2QE6VlFaPesKSestYH6ChXVRTbR1skbFAHyDtkw2V0stR7RPojX/gUr7yIavZpVYxjXhVm7U2f3W6CRafSic79T9Wu3JS9npQKN7Grnbjc9VNm5o3NTLw+MQ7iEm7miCSxyH5bGHZ3+2FR0wvikqc8FAzK8tAVG5L9AwuD1LX3ONS1BM8VmL8TZ/08CSun4ZJmEn23rNOed2+FOuZjW+yJpMzI9mxHmtLERFbNtZrIiPkB2eeYckJasS1yfPCO8QjmiG4ac9J/KghUKEY/P6gVsnuxjVW3fIwyfgDIvwrwI6GXN0SsXyN3ba4j/NzrH47J1JslUtjmc/LRABanJYGlSIdhnAXZMrGl2UDhDjOXqQ6W4FDYEC7ewX8tPJFdXoC3lyQfTZuegva1pavFE08LRlMnXECyAkHjwpuxPeF0cTSo03O0+f7zCCOOMybGSbYbukReCJ/Il59BBUhTZIvnZBZhoesT/34dYtuzhWTl+YRnsfUIbq1wlxQteqKS0L4vgHJb43I8S5COtBrWj1Bo3Iklw1vuYAKfyytz9THxJzAcytsT2GHzyhR9I2yNDG5lOGH83Ra+gupBFinPkuSZa5xKAxGquk0jK6OAuULtcJcULXqiktNNUs8wbRpa514raeez0+8uKhLegX34B/MPpMpXqpuqIttlh6i06Ex0WhYgnZ03lxgu/55O18AT9HxNGoWq+QedFGckN7E7atgtDM9Rc6plIacTYl6cVqu6Rz85dRdXUNuGo4yVRhG0KEeu5y75Fe/zb4DDis/36uH8AekSh3JWMKFpP75IvpzsN/AojvTL3JJwKvOPA1MWHU9xrrWaFVT35v12wsqHVlyacJ8ikPUBrTjsSuS3TZ6xecyYWf2BjnUGRqCyiJgtzmVVFSXzNfN2cUZhpXGeUUTeElfwgbbjIfs0ZNiE2P/PtdxIzmpBbCN7nBiSI7py1c7XWRpaRK9yIoKHRh13f8H4m3QF0uV6mV/C5kTVOlx4dWfv21GZkMNsiTIhwFILWRXDXB5kCtMNXPPRqPuXJQPjZS8INONOQNOo9G00DG9GjInbQnb+77GUlkZKkt9H2Stz8wVIAGrPyOLzH9poMnVuQ4AyCU/0u8NnYg0mt2jWkLeu+LPZTgLRmquzkXUuPIforPa4y3/kt1UPC2fRh40uTtuWm6u6SIJbSbx7akoBglKBNO8C5cpDGXLu5hDuQ4Vt/iY6A7d63amJGJKJlJ1tkYfnE1XfkTkvFAh/JgGfX7lhfOkJzI/Eg664WCOx0uIHkP0qmuywM6FdoNim+N9v1z54YzC02JV6CC5wQ5KyBVSsEH4eQByIKvso2PZPFDd8qNVHgTXzHCUomCa4RySq+Sq6rxYusDOhXaDYpvj+KmPOJ7CqpoR5DdmbMwTqrnfJ9gPpekRXOBgDJSjasw00bm0AGCGUaLo+fOLm+s3DLISgeGASa8458TspVEUsHD8yx8HDbTOsrXhUbxfdP73R2G2T3MWOlK1aIVcVUNtcpNLQ4DNwz1pAJJVpbM9u/vHWb2cKnavJhO4lwnybWPpHRNcBG1G5+9VBSwddMmwh2TxJDmsbXpxIjA8d9ZTIx3VRuHh986/UMrZI1GSKBKR6YAxp2BRYN0l8xnrIibKE+mOuQmh+cjGKBeJ2fUTDqzAOdEmQyX1XQeUWRcrleqnvZaxbRP3/MvRfnwN8ugO2fGOtXn74VtVRBZ3lhmnAjcPgG+ySskokoEUXZs5uT2K27U6gTUoVRo2I3djB5OGuLfGj/N0zfVTmBx+jxmnZUjWhQVtDj5rzrVSJSXF8uzOOqlr3J571UeMZizbkHzE9opa5mzt6/d7+REcel8II9paSPTeiftMbtESwx4ZKqEjnkmTvc9YFNbSLYCyOxXFpKsJ40fHE2myAiDjNoEkN/vax+BE8nNXYw0MV+r94LxQtD8g3r/Ujic89gLrc7HyGNR6If67lsoo9u62ghiLfgyHaK30VGvg2eiL/+jflcmw11b6kJ8KYOx6HEYRKhUw16XlB06qkbgszcd7gxIvSrDXVvqQnwpg3nNbCk0ctk11pwNoN03UVw0dkUTTs3/yIp2KcQDws7EL/75kYnMRG0V3DLdcEoKFyQDrnDRaNionPp2fuZj1i52u76Gl/Floc0NmxREzt3kpahiPVV6ZmuAZP5hOgbzgLi/e3zcqDeVuu8SMhmsAYLH3jq8sNUJAFsFQcY/29D36NmvPjqi7ymGvtjZl+UPN7orWe8tIs9e8RMa1VG0r88fQ1gi6u7ttUMcev42Jywu+PU4vXf+6LvXjG2RN4ZMtJS49TTamodQFrcMo53MgxKNkHtnyqypzm5vNgIk1/bNlfquxIZQcEHIXfM31HMXLLGfZyaEklfw5Tlt5wnQwX9Zm1OeJmoonnZG4MVzoBu91aUjKS0IstkzXMaU8RRBRyDcL857Qvq3K3K1rQSQtimu5+m6ZHWq6eXxYB5dZhUR/Y3QNjIay9HIaMI9QQ+pzxlJg3GrcDnf7pkmmFaxMkEQXtvtcMfK8UkyctZtbDjbvrDteavqH0hBUc9AbU5oYagKiDkC10e7rgQkFkOCad62BggDa0tdRQiNpRWrZuNFdqiszBg9mnb5lE4hNDx46kZ0shgPrfJ9cussAEW7sokUTrUrvkKLxRVA5+1M+n1bjcdixacLxHeUUqL0tMBVh2ic+RhN8UY4QF3z5t+9Ct8cxB8evja94r/1AN8eNjIIwGbjPkg49odrZ3KhkC5zjQEYuOtGKzYwFJaM9SoIRC3e9rhqzOuWsD2a2P8uiMU51arywLaU2ZIjV+mvjsD3NrMQs0/N+BFVFgY8w2TChbApLnaNOQSXzV2FQKegIlRo3ZwX7nYeZ7BQOVqNiQC/VK3LoYFKEcLEC+6G45w9wWr7ADG++esohCx0qL5RDS/Z53f/WXBJ23LBEG7Ag/DnWgk5n8eaqgzUOAz5X+rmVYGXlb2faUHIXBN9xnYJvRU83ZwX7nYeZ7BQOVqNiQC/V8/Ca4sk1qSsC+6G45w9wWoHlKwgJa1d0xT1sZ++/z/WFpyK4M2BDRMz8agS8EpNPrVlHus81AxULHSovlENL9nnd/9ZcEnbcsEQbsCD8Odbs0FkeX/3dDMSuq6LCnlZbTYxkxBEDTMNuASWP7IjSinrNXrfgnc1aJ39SnngkjbV3ap4ECi27A4BCpnP+HQnVKQnkkoaUJShoeNpjrOQYpnePkYH90kI3gm18oqtaZXu6D/YiefypMplowKWqQ9OCi/wcH7lPvLz0RTbNvDpQFWHr2nF3biEvEPbx1v+m07+ndFtIODp7H9D3o4IpDYgrLrJzplTM+F5NOvDVbd3r5qd0W0g4Onsf8t2OGYfciEHXYDkXcZf/+k5tcBAHty3eR5UcLQBJeGEFJaM9SoIRC3e9rhqzOuWspFZR/keFlkwusnOmVMz4XhnKeu86JG3Z+rXGqymqY0/hW+ecC9pdaIWX6SlmMNywPK1M4Dza+kWMc6668UHL/FXb2gTzJDnabd+hNAUwN0XWrBDQ+5eI7zbrwUQqHN5lgmqIbHsBwYetzsTJ+HvKrQzgzW2VYk3G2+C9+QPkk5954LYgoczA8UKxwKtZYm6LTm1wEAe3Ld5ARi460YrNjFe5Q9W6Dan3pYvI8e5dSVoyU3QObVoSBK/9RxQnSB+2E1mXvommlPu2lmsVGyLOPSway6u4O7DDiQrTMiRm4Yt4O+cu2vxa0R0/fEq4q6McJp89fPZhFvxObXAQB7ct3rfK0eJ2j+9O16ywARf2iIfvwdML/f3p7pL+eqrQlkyYr5tGYhtN3ghjm60nHbXLXM0es2rBeKufUjlg8og6A0uK37eAk2pxxy5QtfB6duJq3331RVeXaN7tk8Ma/vipF+CIz3Xte7s2p13doWnV5WRXNMlM64kxOheEdNnfabovgq71Qk92pn51RcJqHU4nqvRTb1esLj8gq4RTDRStFs+59NQOyGgoBXjIv7Stm9WFB6i5esA/O3qTEJ/kyJDi9a3H58KDkmsKH1ovcZ59kU8LaDALDd0SvMGlKRdVRazbJQ4IJVSWQPvjmFzM1TG9m+KzOL2yWi/we/jNqb1GWkKzezM63ab5o/i/8ikcsAd+45hczNUxvZtg9TY6Fzq835pu8ZtDfFtnRhnEI51zoy7eUU1/5unDnEQgT5YFxVlYpyuZEu4xgbY+13EjOakFsGxDzzXvOcSwLX/Sod+28kd88gqJUdv3pEPvl6S4LWegukuXuB4OSkPnM6kkQOSjmQmc4GPIW5MBupSnaMOKNvWnEhNtmAAe0/5rjFSOuQ0zo8R+Oiu8TtekBgo3T+f6iHihrlYPVujWRgbevJq5Nwg7PSvy9JmKrKPEfjorvE7Xvv6Xsap6ZFGJzmzfn0Fh8xWWNR1lSuVZqxEMHJJdQ+YEIQnX63ZuD/Bvu7tnfVYxcbv8CqOUmMKIJb+C7oqDBpA0GnvsQ05EX0hnI4L4Vy6y8hPD+ZWSk59/U+8vZ18PkdtVTRKNTBJ9F7Dt8NhQJJHbVU0SjUwS16GDzrd+yCCff1PvL2dfD6ciTl+XSG6PfRew7fDYUCSrFO7akzbgoEjHXpsbKlFrMu24/WSQDs71XrHOwThyMxVGWUMu8aSCfJlWNUPS2//maEjoWviSSTxSdlOFL+p07tF9KyOe08HFnX9QrMYzlLV4/+3pQjCu/ZxPVCGbtJpUxu7hni3HAa7wwTjX6kKg0SUPIY2gvhbLayWjxXvjlVzYieCgMGhWMzs8KoBdlIyw38CiO9Mvcof2SRTl+wwUdT3GutZoVVOvXZ+XlKntsa0cHQVFgqVRBMQcMyIltZZRtME+vJSOsf3iZ4KsyXP5Tm1wEAe3Ld5R5VnmoQBayzjlwmD2uCsuIAaxm7dKMCWKwb4woFKqR835UxLP/spbUpllYgg+CgxGmDF9I6FqbIJOZ/HmqoM10SlCciAp5cFx/KmMLWDnR/QWwj4WXOBKeu7ZfT0gb/1vSazQPbxq6+2GL2Sz2rdjks8UAY24GywTAE9DMc1ffoFYiK/uoK6kdi62auIE+Ze0ZVEJp4pownI8FOFDxuZCAqH9MplmPBwMAS4qAoW+A2org44rpswYIwShEiy5ZntCnKzuiJyhvYuDhVFezLjmaRaEqZVx7MTRCqw7g6uwyGYd1iuUE35NcXDqqczD3LKTzo7uHOeiIiu19THCnfYZHfEVx0si4wNSmd4kR0yYDU2e07enEAuqrhgXzBkBDZSTAdOe2p8G0/aejfnEjoUILtMhxRYYZRrJLrzy5CfXYyhLSJZLMz9GiJIyYsueVnSn5viaJfyW0PCWfAQHlQZWehwxROiiV6C5ZmZAGowGurjL+3ZTmelI3UWvstm9/ex8M1gkS58EXE/Z/OKU9VfxCBNm6C6bgAJSKRF1jcdBkmGc4svpR7m1w32bNEHQBWkgarOq8C8Nud5rBeWQb5k2W+FeYvWD5sEp3FjQo/HYoKsNPzCBOjzq/mAB+yJ0PuNcs38eOSqeJyyfCZjz/72yFWH9aChHfT1A2t5isNm3f5PeVrF81LRpuc/RHYxwwQ0sOghTz7SjopXnhI1VdWsZodcmfNGhwjEm9VynDV2IO1pUmHEd6Esv8/ucnoqvcMLnGAoxBd1lUsiJYAnMywF7pD12eVdrvfDOybIJdS7vW/yVgmpNW5rEVVQOcTtyu0UPq04BwrSNDU4bX2qFYbxGkv56qtCWTJi1GCHFrvBLMMVYv7fjzH7q1QOsIfmFHjSUb5uNeU8z8MpadfNhxV/Zxu47fHne5xXBt9pM9zuf1l8ROVHXWbD3Gsx/dJJZpKlxa0FHe82u+FbqcenKhiK48VGGleTHBPV14ki9OTh41SBIq5oZtkO1QfK6gFWN37wPiKslEYvtbdfR/iB4AHrbYocaX8Td/wOkNaDkQ4o2Hkxp3EJfKCk6yuwR+P/IvLsKoXUsTvxReGlm//LZgNGeNNTZMUFkZrPuP71ahBaNw5e30j/GXPq7v9TQjUl8g9eQzKdGRqPyIKZ/xafyOsYi1h5sSBa31Xtn+HV1eYw4e86wNeY7PcncvE3REBtctFktxTP/FqQwDERme8LMjE8cb6GgSYYsh8bsRDIZsGAVOURpFFhj2ntU+iYjJu4LPRguCtmBChHW9lFl7OUUj6nCCxOazA1DzLGqGXuT19HeYF6BKPGOInlgUES3wnRmPR+dZPR2foRWxzjJOpkWxyqCWplJ6oGUEX/MPpMpXqpuqCzl8UgS/RIy/kRe+XXK9DHJ26xpLiGaDNihIXtopf2YAkbH3qKJamfibq1Ln5ipvkSRPrbCDlfp9mozrmFKlnLjsJF1NTvY9vm/+ebptjhT7pLdWzWCJyrTyABhOPvQVSFT94rD3mrgDACEXB5165zN8Y/8PJHcYvL/elGu2+Vka+U1YzfaJZrVX9Ur8DJsltvNr/FB3pLvC/u58EtY9FXiKVU430oxol+2EMxXi+TiNmRpaKN9i93cLZLVXZRe9sbHiYglH0IaKb086TJpfpVRKOxMqr35k7KuHtwPI5M+NYzReFy/lwRr3LoMVOjUU+BFT0I7g03AAOiDMEIDVc7b0fmr8ERoi0HyuoBVjd+8ccKhkHQAnJwkAl1ShY4+Ft7aH720EpgPZbSseVkKkW9/Hr8KvLlgtfwvhtAhuS/MaxjjOawYMlFuASWP7IjSipm8Glzk/KbQ+4LOtPNMs2Ats1jPRv9lsCwyn05jM/MKf0Sqc8aOnwlZ+Q34cZMQdlrjSPmlx7+2NBDTHvvcdk5/LSlZJ3YhOZZKaDO63Indp2vb9ACkx6EZG5GOFxlBwNIYtKW1WDGucWtBR3vNrvhWCdWQCbIRDLqpnSO18OMdjyBB9fyZXWjpIEgfuyJDQfiPb9wHUBDdl/WYQ48Ea3xFNsPEM6a850JRSha20OXgvdyi3VLC93cjT2WyJjifeWmZZl0fVworc4JBBPjGPpLIuX/01IEQf1H2tLXAywacWrydkNi2stGo3t90h6Jt1AnkKT6xf96ldIoRvLuFQxiDVut6cQHDAD87VNHm++5k1IHXpYYKj17R1bgtH97erI8ANo7duClAmVrXXB++RDi+4REyehOTamfwBFw1GnF933M0FjfquE6pyFrq8WB7TGU5KYz/QdzrCyafUDWGLLuEdM7pouBDrbgDxvm8YAG37oaNbCZ5pkHbV4BLyB64pF8CAgmhZIZweBzqPaB0aNhlTtiPyOkHIM6w8w1tQ8HWDxQUCRYuY2PKr2d6ZKhWT0IFza2qJ+lp8I0iSLiivaaXI4A6r6T5nbEZRgRRWkQalg76woybNHnMsDjIbr4SWLXyjAHrMNIEDTBULrjON1uaOvBoEmnXMrQYJwmoQNWcIux5a+W0cYHwLDl98VUhyndr7uLWk6TOD4m7f5LdPVjlWGn3qLMrPwIUxvlAmF8BfafhddNRkCatM8ki1ckUbklSS9501QPXmdKptKVvZ4zmIkumIA29/KUTGt5XZf4DD+BAzZEgWoSBZDiAScEfwsws1LSVinkJ0Nrls+60lxERz8pcVV2zfpiM8YTHHOEL3eMuHHLMc/LMN6cxKg6XcZP04YBjUAMqNLwSiSjqcZiT1wTa+s0WDs3NxdE+UzIz/K1fpRhpszQgVhhHqB97gQIRq358+s64tIsRS5uly76hHUExE/UdRIFcn/fjar5UIxINV3G/Qc6qVwchDCMmEzM7PCqAXZSMsN/AojvTL3KQlFNIcG3nVHU9xrrWaFVT/rLaDrYzlglGXNxTsuhXwE4dd8vBzLm0LCqW91NQ9zgysMzgiOPTjHwJOQUiChTIeOG42iP3wOOy8hPD+ZWSkwf5/MgIAXVzzkYiQZObl1OFXFhZJebb58qfEwY2gxyOcAe5lfDRCYZuLy6fG3xg4P1AYZhqU/vOpzFz+O0Sd+ZIGfGRXjEXCXV5TTqtUoPhI2Awnu+NnlM7FRfV14wLWgUAD//KLMMKw9FnLejJOA4gpDhjuzx7GbwwrkWdcG+wsUQCasEAxlzxTWBBh1ZgzDZVhOp8Lv1dsyYomG59ZqAJtUQLAunhqx6ob35Fb9rWAhGrfnz6zri0ixFLm6XLvoMYkw4ZM9I8evHiIjEAtDEotij1l/zn1aW8yKwOKZct49Lsq7yZdzj9QGGYalP7zn6J/rq7uvOAol9YhgjNgeFfR0L1CBAhZWVGtolSNuqJyS688uQn12NBAp/aYJB7chLLEQORqpc52bmFMpugkRS1di7hGAjhwA/m4YOLs3OLXYyDyfAHxvr+sdys+LJj/zOHIz9BI47uCouEVn47Xsf8uGYCnyYP+lt7um9qPuuPlE5HUpM0ebXzkFU3fvFYxcIOfi5cd1kSJ69qUGv76A/Kr2d6ZKhWT6W8yKwOKZct49Lsq7yZdzj9QGGYalP7zlEnuKQOdPjzKs9AVIZitAsR09ghJaRICxsbLFLIIStLib1E+syG2uI1F6XIGVTbanASQ05a6+GRb7JN9RItuuDjzOQqQPv9H3QPnIb3hrptp17jIqrz7Yzn7VRWo7ENC9qJMAQ12Af/AmTdcPEmmCfr7WVuQY1yuziTumHVzJeYUnLrrZraoZBJqj2E685pNlHQpltU/WX9DEW4IeL+d/Gdf7wo0FoWBaSlCO89QLfBci2VGI97FBz0pjXqGXDoAXJ1mHtMQ2ri/J+K+gONUElkK1ifin3o7YlFaFGi8RBPySbehKN3OXcUZ/XDjaiyk8tdGnB1iWNpjgzKz0taO8qtBlamAnYa5nUID/R8vulf3JR+kuQBSxrG0iJOR9sLHA4dCdqejWhpd+vm5EJBv14OHQnano1oab9nVjhvfnRR3BfXqSJQZVoPmo3nDHlkuwA5qt5WcCp8gxF0hVXlJycbx02GJr5S9K/mDp5VLwVmDh0J2p6NaGml1HDcLXf5qw4dCdqejWhpv2dWOG9+dFHOyRaIvPOxXl4uqx8s5z5nQXgVskfrcE9iV9nK1ztnm+9DWURKwm/kF/dhOhaftdlacpfbu1wqsgxSEYol+DNQ/0sCLA/C6h1xa0FHe82u+D/EcNYg8rKqGScdek5p4VfVrmTlddvEZ0m4TGLF90haBOfwXNMDOiPwLDl98VUhyhLXkl35FwfEuSmmAbUXKjwXJk7ybaKjWrJNOy1PIdVUwoWk/vki+nOw38CiO9MvcpCUU0hwbedUdT3GutZoVVPOr9JxmthdJU4dd8vBzLm0PcCUNe5nFX2GPs3QfPv5324BJY/siNKK1KNt0hBdtcBnKqYJREMrvETHsIKbd6SZ6u6fPWpOchPPscVG3xzmHbKpOdKgJbiyFmMKjNU/KJbk9UyP4quM5k5tcBAHty3eQEYuOtGKzYxXuUPVug2p9+2y8rOCilqGA/ltu9VMgQTsD5fknkPPTgCBu1Ju+9adNoXsGFhwSN0vesEEXPL2Uz7XcSM5qQWwVuW2dChZft8KS52jTkEl8+o/9U/mTbt+N2cF+52HmeyRUWEnTIM0uJzES4ESOPruIlIm/9esrLQNi2JdxS9oIGi30o682fVUU/z2LWMN5g4N3y+COiUlrf/kD8jpTcBfz/ij95+mObSAoWcFMuznvXw7E+7ekgxorbMGQ3e3BGPc7WnJ0srSfZLtZ8ceagmLgsidUKM1pi2y8hPD+ZWSk3Lyk0rPXaIkAfHiGuRuSVPNvgMOKz/fqxKCXf8pA07b0s4hj8y+lqKyVQvbcRiv5n9Iqt9vffuOoOObbz65wEy0WJinqKYRcH+ftOUzdc4aq6R8m58NyK9ObXAQB7ct3soV5VJF9m6LYYh0kB91GgD++jdtZKdMrhcSK18ZjIRbN9pURekUqCrOsFXbSyt6uy0ML/It0B4gRl/uVqjDetg8CloRBd2dvLCrAXsH+kLQC4JzgjZJ0+HJOAJPaRustUN6iB1ThmVFFY2XFg2840BdEVbgHwycJ+BO5X6a6vF8R8O/+M8BxLSRxtt1Vaj0Uyfk9Y+NV+wRA5UvIx9Q8LuZ0qm0pW9njOwWuaVw1lQBR238fWNHJhWhNFLjo+pV0QLT/stTSRA8HyWxTjemIL4jNSuTEqtWpx3UIi1Z+LV/+gXey6Inq17Kr2d6ZKhWT2abcBbvEILtq6mBEh+J/8PAU5NbPhq0UoQcbZJBUgFWKBgH+/Vl3VisjmYHMAPBPjBoGGSrkWCFkUbmJORC5lE4e37tTsj135FG5iTkQuZR+kDRNtgieYOrqYESH4n/w+tC8tNhXz7+VACOGdr+FNa8nJJyFZBrO8dz5YvrnGJhsjflvlaNJe1iKHlhwPz2kXGsihbTZRITsux7xx6lUdvBFHHg7Ym7KU2HUCx7P18m8DT37vgCQ9glCxWEME4SlFHE16Y2REj+sOYE8G8LPdRL6YeuNL8bQ6HcUq6PkfIFsOOgM3XfqYdkd3E1WKkMqY9MfyTYTgYkti5Qa3NkQMCAFv6WmsWJztc7Hj8uluu6vWYbf0BA0q9J1ZWAanRRvmZtC5vzGgop0r8tAvsYfRT/vkjubSmeJehlAvp1De7e4HNsUiR+M7VtCeLGZNav4+XjqgkGo0o8mBqwC0bibhLBUI/swcLwEpdCxghhySKhwmZfmff3or0ye/Gsjy8OCpPWUEqFd5b8sxINRbS1GNa1gBqd0dSgMN3Ez7XR/ASnOduDAriMWkh7TVr9HP0Waar1TY8Ez+UKgdD5/kVF4FP+AXIyw/WsKkWaOwoFAfDYdIlWRG1XWBX6umX0max0incF0t405K2IEWEOE4UCq63AU5NbPhq0Um6sXdYWZpGlUcEAWsjjFNh6Vrj63C1kyfL9PaSy5pJe+g+CBnNlNkNV+vPZMjQJt7lD8rlwr4Ctyd63OGM/5SrBb80rhfey80T5VDaYVq1iGJnI2AzYyteYvH4wnSTRGHeuXHZZcKb5PC0ZTJ1xAsgP3yu3WzhWT+EMVtCcI8B+7tDtZU8gz4623tHh618tpLqHhU1jWh/mY26jfmiLvyPsR33lc3qGUkuetUGRrkgnt1DyC1Lg1qggMGoGQZzMbOZJvp+B+UU1U6wSTTvaEF6dYQ47js21E52IUhXbcu/4ts8lyoJ+YZudiFIV23Lv+OSv4Tlm14ByN9j7lH/QKDrJqWR4BKpttmOVMFl3mDwlByBDrcZCqVDehv+7aX4kwwFRhbbYD338cHRkhmda4u0dR7EZLFz26rkmMFQNy51vmRyTxaGSJchS8jtgzzAyjG4Iburq1+lJavxc4igt8NSCTmfx5qqDNWcli/2rE4hgg8McVYXImWcjzmPDFLP984PDHFWFyJlneEDxRQmZNWxDeogdU4ZlRfrvbt+tZFH8XRFW4B8MnCcvpw8wsXGDq0dSKed1FoHtT5Y511xj6yEn5PWPjVfsEQOVLyMfUPC7mdKptKVvZ4zsFrmlcNZUAUdt/H1jRyYVXFq2z3yjQETB3CXlWx0XZ4uoT5QWmtktpYDH6Ww7fGPkr+E5ZteAcl2hyPIxi8Z088NZaFHkWqnuS+EXNmsiObiF7dY0uGba6pMUERi1xuLJZ8H0CduLRYSozBQrFF9qIBFr9r7ErVhBwjbT3CSB8Gg7dBLIRhXdNrIQEWJzICv9V4kfPVuAXxnU2hB8cDwsfFZgei3IYndSZzuP2WFPCVxbKIR/2h1x+1YFFY/4MHrKr2d6ZKhWT9JgF5942uLOq6mBEh+J/8NMhVFCPyMvEQtiEh7TSZ50zCaEAQUd3i7GdRrWE43XgpFG5iTkQuZRqeMq/Z5DJjOrqYESH4n/w0yFUUI/Iy8RLpvm6fQ2D+ZZcQH6CpwuZGsTtajvnKDfg8McVYXImWfxkMh+DgxSHQULKPqK1w+81T5TWwpjaoUxxCuROz0mR6w4EsCV9C2Yf+O6nT4WOgkoviV9+jUSSTqbfI7Mxc6yb1xPk89/AZpDer9xncTCFsC+i6rsw0efjcVl/aljA28HXcMNeP+Xz7sr+Xwn3ZNvty41J170mzaYjPGExxzhC1DhxUQcS2CjjGFmJbdV3uVThKpWGyzAoh1HsRksXPbquSYwVA3LnW+ZHJPFoZIlyFLyO2DPMDKMbghu6urX6UnqIw9tB4s48vW8hXSJ76xE34eecVpCvjpupe8Ft27rlk5tcBAHty3eQDD39FmDnkyLw6UPLBjLtveQTp5wQ7Qwl65nr+6/ABShKkomAfpkTV3Yatj34xOcdN/ulN2NKtgH6ZIdbTZURUCUb9L3RGygqDKGFjQlbtq7eLk2PL1KRoBNbPF+wD8U0IWlYfLSKvZ1Op5W44F96n1p50ZnfLNi2mMg0V7h3j+ohoULfL7YQ9ahZKlp4XMt3/2h/5c2mhrChaT++SL6c7DfwKI70y9yxF0an2XZjJ91Pca61mhVU9kn6KJ8FxAoY1E8VWhRQPSOcrvThCLiU2v+8KvMFYjvJUO5St9Bqh/f4avxY64Shouy4CGg8XddL8EubdfzY5/MxngNmEtTkHKRmiHko/U/u1eFKkKy6tH878cgCfNlOlPMUqYszvfDGElDsNwc6cCnwDIG/c7nDU5tcBAHty3eQDD39FmDnkyLw6UPLBjLtg631obwMEhVKqOQJ372r1+O5Z4hMdbe+knl2KL6MW8ZMkwVrYrUjEenDBZGqS0KQncDh/EYi/tZSdWVgGp0Ub4IfLpI8dWwFi//2ixUyyIB0yhneuOmU+7ApCw32fG9YlE752fCOYBxE/K4t7oQ0Qr/J65wSGkjE0WKhQHjuaGY7NBZHl/93Qz3dVSq/wSSbzgwcaavK0bq7C4IhqXH/EgTb9AjbelfzQ3LIRVCjwqQHCKw3HyW0WsBL1KzGPt93DQk6ilUvigbqgMeW2GRQXB6Jh8TS/hNGd852YLe1i6lui6fSNchJlp4WqX+0IHVa5gmAzNPOXRtAEn4ZjUAxFS363LQ7R42gSNnTULpiJV2TDNzxGLo02Cw38CiO9MvchGAqU0KKLXZdT3GutZoVVN2MFXJtrKmLkFlS+cIn9wOaOAVfrymZu05/7+w7jA5Tzju1jDlz28dwAY10izm7DZ+NosXQgRX225DsWyE40bEGJSjVj9sUTDdzzGdUOG8SuzOMS1CswaIHQCf5Ui7idJJ1ZWAanRRvsAGNdIs5uw2fjaLF0IEV9vQQwoeBKHkkBiUo1Y/bFEwDbxW50Ehu+9ObXAQB7ct3ml8vKqr1pNfi8OlDywYy7ZFdYjX2darE0BTmI7eyySGH4KNWIxDuI7W8P0elyoo+MOxeBPntjotLhuauViWFM5P96mu3ESQ138

Emails

[email protected]

- Target
  
  0323b4326bd6674f7d78360bb6544c4b34067066dda31e45edee91dec021e702
- Size
  
  208KB
- MD5
  
  aa5abadf25aa3f30c1c83c5d43a7ee8f
- SHA1
  
  ff50650068de776d2c0a8962cbccd7ffc431327a
- SHA256
  
  0323b4326bd6674f7d78360bb6544c4b34067066dda31e45edee91dec021e702
- SHA512
  
  033139017097fc0b5f296f9a861ee0ebc2faacb0a9ce172898a5765906010cce4bb30d7436afaeafe131b25ff2c51362825e25c60b2ab9d858672a555b28d7fb
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2
- Target
  
  0898a80dc248a7931f8e2bf76a22a0a8d54b39a815e3fe810a2a190c50017892
- Size
  
  124KB
- MD5
  
  b16db2ad22dfe39c289f9ebd9ef4c493
- SHA1
  
  23ccb60927905eb9be2a9ee4230ebac0836b611c
- SHA256
  
  0898a80dc248a7931f8e2bf76a22a0a8d54b39a815e3fe810a2a190c50017892
- SHA512
  
  5a95bda6dd3761e1a7967562c8dd1b5bf68ce7ac5e7a0c345465c012f9baa7f668080f9998cb29d8e45ba43adb3fd104ef62380818d2eab5ecf2a1e19e5b95e1
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
behavioral3 behavioral4
- Target
  
  0aaecf7f77132def96c13d480e32d759839fd65fa76c73e29f0f53c50714c591
- Size
  
  468KB
- MD5
  
  9296a9b81bfe119bd786a6f5a8ad43ad
- SHA1
  
  581cf7c453358cd94ceed70088470c32a7307c8e
- SHA256
  
  0aaecf7f77132def96c13d480e32d759839fd65fa76c73e29f0f53c50714c591
- SHA512
  
  64955ec13d7e874d8aeb9490b2ff814473e02ef93eb071bab460add8b5966f660ddca1ba80cf1055f7d2c5cccaf4ad62d908356547c8c13387e622e5dfc849a1
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5 behavioral6
- Target
  
  150e8ef3f1b0d5b5b2af2ffc8d540cb0e36ecdcaf5001bab2f318e36a3c25302
- Size
  
  261KB
- MD5
  
  4de76198ea4488eae192d0ca4e4bd66b
- SHA1
  
  5ac5585b13ea356969b168b86df12053a6de4ee2
- SHA256
  
  150e8ef3f1b0d5b5b2af2ffc8d540cb0e36ecdcaf5001bab2f318e36a3c25302
- SHA512
  
  db6c2ebbd9d01ebf8af3e68ef8e938c7b6da2c0eef5fc22f63fe69665c56ec19c2d241558984e03afb116b98a4e7dc2b0f4aa8dadd90f44caf3f72ae5f2ee52f
Score

10^/10

spyware stealer ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral7 behavioral8
- Target
  
  23e95ba67603234352ff2864dc7fa54742f501e5922f01f8c182dbefc116f97f
- Size
  
  121KB
- MD5
  
  7364f6222ac58896e8920f32e4d30aac
- SHA1
  
  915fd6fb4e20909025f876f3bb453ec52e21b7be
- SHA256
  
  23e95ba67603234352ff2864dc7fa54742f501e5922f01f8c182dbefc116f97f
- SHA512
  
  f5e2b5a17ed04c7edb904e867cec2f66a59b887176bd3e25803e82a390fc36fc47002df747099ca4e6960f020afe1137f4ba24b28613423b5de0b09ff7048026
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
behavioral9 behavioral10
- Target
  
  28e7dc4aebbfea61a2ad942f00ecab3bbb32a636679587a6fbd6c8dd69a0ef33
- Size
  
  321KB
- MD5
  
  04ba14a9828b000add142d0bcb42ac2d
- SHA1
  
  928a705a481384dee3aa9985bb2a9e1e6827902f
- SHA256
  
  28e7dc4aebbfea61a2ad942f00ecab3bbb32a636679587a6fbd6c8dd69a0ef33
- SHA512
  
  2fc56d6fdf360c0435f76822f3d99288c3b31462931eb128c7ed895bf93d88b00663801c1a5394b1ae5bb081ac76b004deaf46fdf2b0b9c027b2945a7c030909
Score

10^/10

ryuk persistence ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
behavioral11 behavioral12
- Target
  
  350b0d6ae25e81c8394b119f4d569c083df8d17e6241d8efed0858cf91c745d7
- Size
  
  353KB
- MD5
  
  2d438f5ca86f9813dd17346c8865bd4d
- SHA1
  
  65b2e9be5770e294bed07fa9b5ecfdadb94203c3
- SHA256
  
  350b0d6ae25e81c8394b119f4d569c083df8d17e6241d8efed0858cf91c745d7
- SHA512
  
  dd979e28370fbb5606cdcd14c0ded0be1a8e6cbd98d8ae57d4e1c97ef47e0b2387462b66914cf600d3a93dfdb794addc4b29d7ff40948a761a968d3527e4db3c
Score

1^/10
behavioral13 behavioral14
- Target
  
  3a6ebac4f83f8b9088c9e00a25d88a56fb7e46b7b8a03158682a5d7d28f0f6ca
- Size
  
  200KB
- MD5
  
  ad3a5956dc4e8fd6a62671a6204d11b9
- SHA1
  
  aac34bd5c2f8e63dca20034f24384c2ce1d641b5
- SHA256
  
  3a6ebac4f83f8b9088c9e00a25d88a56fb7e46b7b8a03158682a5d7d28f0f6ca
- SHA512
  
  23edec2ddc72277efca922dc7c66fef2220d0ad3709b277c236bd883214e423143a947ff48ec2a8b57b1835b715a06b39b7d1c2a423e62dc4166ad5097742f13
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral15 behavioral16
- Target
  
  3fe801df149ffae08275e24be6bce3de67e9d5407c0417542001f726541fbe4f
- Size
  
  279KB
- MD5
  
  5df4ac6e94ae7e9f9eb28d8f7f464946
- SHA1
  
  79f222f94fa265896c5e4578b91ed4ebc100058d
- SHA256
  
  3fe801df149ffae08275e24be6bce3de67e9d5407c0417542001f726541fbe4f
- SHA512
  
  18826a1cb94e73402c279607d1348ba532966fe3223cbeec9cfb534ab425966fadeb001bc80518411b2f8c8d884b2936779950fbc0c5f48dfc01d33e766f749a
Score

8^/10

dave
- Dave packer
  Detects executable packed with a packer named 'Dave' from the community, due to a string at the end of it.
  dave
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  41367ad447e3d86176713af7776c1ab22d5fc7fd0fe9584f14d201b9bf071700
- Size
  
  544KB
- MD5
  
  526fa2ecb5f8fee6aec4b5d7713d909a
- SHA1
  
  51aea2a2b88fb44d5b7ec5d52b47c8b83d9d724a
- SHA256
  
  41367ad447e3d86176713af7776c1ab22d5fc7fd0fe9584f14d201b9bf071700
- SHA512
  
  f8859f16c605622edb196f58d013058092824f3d20d207d8b0ed26d2aa4dd8d2c2d1034d5d9aa73974a605c2a41f4c569f33d43d1a6c640f2f9723c721c9e0a4
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
behavioral19 behavioral20
- Target
  
  48f4749f13582fea3e9bcc6775cce82c3c6391d2d58acd98b99d1e6acc810277
- Size
  
  353KB
- MD5
  
  c1da8e9bc9dcf68ed2e281049e11740d
- SHA1
  
  25e8fe884ca927e91142dacaaf92fcb544da0058
- SHA256
  
  48f4749f13582fea3e9bcc6775cce82c3c6391d2d58acd98b99d1e6acc810277
- SHA512
  
  68ed339320ae064f4245e68f14bc16275766d730c780392150755db474344582d405dd58ba5f5fde18b3057bc61f453fad6df78996934de48873c0ca2d4481af
Score

1^/10
behavioral21 behavioral22
- Target
  
  499d936c223743c3d2a40c3b7b1f974cedb98951f846b163d0f17d2d38ffc282
- Size
  
  116KB
- MD5
  
  be0626010b7f7f47f7416dcac841edb5
- SHA1
  
  d377e8211ae7a5249758402a170362164f1d8498
- SHA256
  
  499d936c223743c3d2a40c3b7b1f974cedb98951f846b163d0f17d2d38ffc282
- SHA512
  
  fe9091bc9fbe089ca541213ce6f33167832d4c18aa5713da8ff77266245ad3741d4cd3341b87156949f2b2e9c344090eb6f5ea36149a23ed4989467766c0b50a
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
behavioral23 behavioral24
- Target
  
  4b5a6926ab9b487fca2d33ba00b4e25f731bc52a3222a6ef3141b8703c1e2cd1
- Size
  
  253KB
- MD5
  
  d57bb1c7e710dbae2444505a2127f6ac
- SHA1
  
  26b98cf0f844ebf5ca0ff2d8f9c572a90c8e9c1a
- SHA256
  
  4b5a6926ab9b487fca2d33ba00b4e25f731bc52a3222a6ef3141b8703c1e2cd1
- SHA512
  
  ccf3520d9634755a9e270fde3267776f0fcfa0f73a26a951439f2e7ade52a73b5c20207bf270e18fdf9042033cf45cc3de1842fe3a4529232a36f1b665753766
Score

1^/10
behavioral25 behavioral26
- Target
  
  4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581
- Size
  
  143KB
- MD5
  
  b77cc8a1ede23a80a4a4c9d0a8b40735
- SHA1
  
  254c97abab837687c779b57c7ef1bec4c1e2351a
- SHA256
  
  4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581
- SHA512
  
  f94546161808210ada027d03465f88336de4f2d24581801566f7ff17a9641b389c43946a98275ed637759a0205b8d09f9028d26bb75ab44e3f7038c5b4667ffd
Score

10^/10

ryuk persistence ransomware spyware stealer
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral27 behavioral28
- Target
  
  5de3d5a33745739259fc03cb5a7852440c135f960e8516d92181cd16ba76e2ed
- Size
  
  140KB
- MD5
  
  75a3cf8ced873ee7bc415e27e108496b
- SHA1
  
  ac94165d63c75f4adf1728aa2ecb776ac7c1c18e
- SHA256
  
  5de3d5a33745739259fc03cb5a7852440c135f960e8516d92181cd16ba76e2ed
- SHA512
  
  7c3e166ff75ad32f70bfb355167333be4f9bc5b5740a231b4a1fb5c391bd8e137ebea6a3ba5370797f016cbdb83631bb5e459e0bc64beb3246ed9605b3bdb903
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral29 behavioral30
- Target
  
  5e2b2fe65df310fe6c81acb628701c1847e772f7cf49aaa486e298a86ae85620
- Size
  
  170KB
- MD5
  
  209e3cc5afd55350bf92c13c2e38e49f
- SHA1
  
  57219932cfc98a94179337ea9aa82d9fcf2cbcd2
- SHA256
  
  5e2b2fe65df310fe6c81acb628701c1847e772f7cf49aaa486e298a86ae85620
- SHA512
  
  142135a9623cfd47d3ff85a90ac836cf18805a81dd382e7841a0980cca65ae3175c5e261720c06f6dd159988b594f4d52eb3c2d26529eea39651702b45ca00cd
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

File Deletion

T1107

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Executes dropped EXE

Drops startup file

Loads dropped DLL

Modifies file permissions

Drops desktop.ini file(s)

Ryuk

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Drops desktop.ini file(s)

Ryuk

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Drops desktop.ini file(s)

Enumerates connected drives

Ryuk

Drops startup file

Reads user/profile data of web browsers

Ryuk

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Drops desktop.ini file(s)

Ryuk

Modifies extensions of user files

Drops startup file

Adds Run key to start application

Ryuk

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Drops desktop.ini file(s)

Enumerates connected drives

Dave packer

Executes dropped EXE

Loads dropped DLL

Ryuk

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Drops desktop.ini file(s)

Ryuk

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Drops desktop.ini file(s)

Ryuk

Deletes shadow copies

Modifies extensions of user files

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Ryuk

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3