Overview

overview

10

Static

static

b218ea3533...f6.exe

windows7_x64

10

b218ea3533...f6.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6567314512969728.zip

  • Size

    182KB

  • Sample

    210330-vbmy3h31yn

  • MD5

    e1ecd73648bbd289139e6b18e0e5b3a9

  • SHA1

    a580daf892dfe73be5657913b3c51710c4edad86

  • SHA256

    fbb346ad0acdc9e1926d5326f5738be955818e4ec19217e0de357ba3930731ed

  • SHA512

    c99b653a6dbe66de9e44c0b5db963a397a61008ffb676e9a37953699f36c148c132842fce925295ec2532e4015878f3d87d479fd30fa38039d95456f03d22651

Score
10/10
ryukdiscoveryransomware

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note
contact balance of shadow universe Ryuk $password = 'rikzcUO'; $torlink = 'http://lgjpuim5fe3pejmllygcffape3djui6k2a5pcbpuyvps3h4ajb7yf4id.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};
URLs

http://lgjpuim5fe3pejmllygcffape3djui6k2a5pcbpuyvps3h4ajb7yf4id.onion

Targets

    • Target

      b218ea35335833ba6dab543183314754db42bace4e62cf5950447c743b0ea4f6

    • Size

      322KB

    • MD5

      d5793b66a9a31f2ebfea5f9804d77dab

    • SHA1

      4f98055913500597daba98d6fd6321d007a4c271

    • SHA256

      b218ea35335833ba6dab543183314754db42bace4e62cf5950447c743b0ea4f6

    • SHA512

      06dd7deaee850fe4fc48bb8e1f5fd7b7f152ec922318953a4ef61b18ba1f5e60785dbb3b6d14d87b4e61613bfdee2d23a6043213411d2b788a6736286db9170a

    Score
    10/10
    ryukdiscoveryransomware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks