Extracted

• • Target

    a8a5621ce56adb13d5fdfee1709cf03ee839f98c1912ac0055329fc90de2c2a2

  • Size

    124KB

  • MD5

    45e3bef94fdefd78f8e6bcedd5f43715

  • SHA1

    b875676f6eaf9fd3d9105303015b6d60e7c919a8

  • SHA256

    a8a5621ce56adb13d5fdfee1709cf03ee839f98c1912ac0055329fc90de2c2a2

  • SHA512

    15f90b3be77324ca0e7cd1d487fc5b971782facb528c88e55bb63c30d76106fd941a30bbedd07755089b6d55a2852e82c896ff0f7c0a188b59b20c4ee6543e17

  Score

  10^/10

  ryukdiscoveryransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2