ryuk

General

Target

9b40b0d3b228d9e958c8d45fb8cec64c6851d113.exe
Size

272KB
Sample

210422-cwqyd3nmmn
MD5

975f776f11c6d36621ba5a9da6151aa2
SHA1

9b40b0d3b228d9e958c8d45fb8cec64c6851d113
SHA256

ea67e662ba55629b40d0eddbaaafc824e5809f31c9e35222104637a67615c51d
SHA512

6d0bae9d7b4147010542ac28ba36b151d22e2a30a63ec6ac37fa112230cd575a830b23ac389a394ad3bf9cb8293869c30be8cc92614e9bab31b366155bf6edc4

Score

10^/10

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note

contact balance of shadow universe Ryuk $password = '2neBqEej6'; $torlink = 'http://rk2zzyh63g5avvii4irkhymha3irblchdfj7prk6zwy23f6kahidkpqd.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};

URLs

http://rk2zzyh63g5avvii4irkhymha3irblchdfj7prk6zwy23f6kahidkpqd.onion

Targets

- Target
  
  9b40b0d3b228d9e958c8d45fb8cec64c6851d113.exe
- Size
  
  272KB
- MD5
  
  975f776f11c6d36621ba5a9da6151aa2
- SHA1
  
  9b40b0d3b228d9e958c8d45fb8cec64c6851d113
- SHA256
  
  ea67e662ba55629b40d0eddbaaafc824e5809f31c9e35222104637a67615c51d
- SHA512
  
  6d0bae9d7b4147010542ac28ba36b151d22e2a30a63ec6ac37fa112230cd575a830b23ac389a394ad3bf9cb8293869c30be8cc92614e9bab31b366155bf6edc4
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1