Extracted

• • Target

    cultured-rock

  • Size

    170KB

  • MD5

    e2efc62feaf14d7a94ed28e47f9ae0c7

  • SHA1

    5e08bdd384a33fcf96d584bb74971f8eabe5e9ce

  • SHA256

    bebeda6ba1a658d4b36df2486eb7ace1f8ec844e321b65ebd1fb101cef1629a0

  • SHA512

    02c20ebd037aa2aa208525d5bd41a4897299ccacd74ddc2e18bd592147a0e568721fb2f6d99332eb9d711e0547aba0756604155b004c329092ebf9349ffec527

  Score

  10^/10

  ryukpersistenceransomwarespywarestealer

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1