ryuk

General

Target

6356160800915456.zip
Size

380KB
Sample

210330-gqla7ls5y6
MD5

f1edd6e9079c428701bf1ff2c2a91ecf
SHA1

cd3074ba1cc1ee426b631e2b9dc6ff14a66048d7
SHA256

2b23e704cfd8d62a359ef0325bfd4aaef5249cf6567ab8eceb88395978e3291a
SHA512

98fa7540e165557158497ad1e9e955dd4c026b156eb27d62b82c261d65f924e30b5a691fb9847a5f97550b45a20710a3491ddbeb42084e4fb81dea5a3b4f2dca

Score

10^/10

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note

contact balance of shadow universe Ryuk $password = 'DQlMnNo'; $torlink = 'http://etnbhivw5fjqytbmvt2o6zle3avqn6rrugfc35kmcmedbbgqbxtknlqd.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};

URLs

http://etnbhivw5fjqytbmvt2o6zle3avqn6rrugfc35kmcmedbbgqbxtknlqd.onion

Targets

- Target
  
  e803f1a1acf079ff2ca62e02c924840a9334336e762b0992123035427ffbf894
- Size
  
  836KB
- MD5
  
  c5cd1f0fe551a0ce5678a7c9d86e6450
- SHA1
  
  f584c89c1539520f280efd9bcd4cb3da37588979
- SHA256
  
  e803f1a1acf079ff2ca62e02c924840a9334336e762b0992123035427ffbf894
- SHA512
  
  40f9578b711e41cd166b24b8aa0bfb6dee01a8e4a46eb54591e61d97cfc5a83dc58fb4256dc05f756274cda65ad5d680f9e370ad0c825861fd7080e5da5fd2e4
Score

10^/10

ryuk dave discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Dave packer
  Detects executable packed with a packer named 'Dave' from the community, due to a string at the end of it.
  dave
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1

T1222

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Dave packer

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2