Overview

overview

10

Static

static

Ryuk

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    thankful-boat

  • Size

    129KB

  • Sample

    210427-8tm9tg9kae

  • MD5

    db2766c6f43c25951cdd38304d328dc1

  • SHA1

    fc62460c6ddd671085cde0138cf3d999e1db08cf

  • SHA256

    aacfc3e386ed12082923d03fa1120d5fa6bf7b8655ba77e04b96a45434fa9a83

  • SHA512

    87bc840be7d0ac2e30712b9bf72da9666e10abfce50cd312f56facdae606ab0c5592b910629442d17577ee521c1b93de07d2e578a446f0e817242c025cc00a2c

Score
10/10
ryukransomware

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note
Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation. More than a year ago, world experts recognized the impossibility of deciphering by any means except the original decoder. No decryption software is available in the public. Antiviruse companies, researchers, IT specialists, and no other persons cant help you encrypt the data. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions.Send 2 different random files and you will get it decrypted. It can be from different computers on your network to be sure that one key decrypts everything. 2 files we unlock for free To get info (decrypt your files) contact us at [email protected] or [email protected] You will receive btc address for payment in the reply letter Ryuk No system is safe

Targets

    • Target

      thankful-boat

    • Size

      129KB

    • MD5

      db2766c6f43c25951cdd38304d328dc1

    • SHA1

      fc62460c6ddd671085cde0138cf3d999e1db08cf

    • SHA256

      aacfc3e386ed12082923d03fa1120d5fa6bf7b8655ba77e04b96a45434fa9a83

    • SHA512

      87bc840be7d0ac2e30712b9bf72da9666e10abfce50cd312f56facdae606ab0c5592b910629442d17577ee521c1b93de07d2e578a446f0e817242c025cc00a2c

    Score
    10/10
    ryukransomware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Drops desktop.ini file(s)

    behavioral1

MITRE ATT&CK Matrix

Tasks