Extracted

• • Target

    gigantic-western

  • Size

    143KB

  • MD5

    b77cc8a1ede23a80a4a4c9d0a8b40735

  • SHA1

    254c97abab837687c779b57c7ef1bec4c1e2351a

  • SHA256

    4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581

  • SHA512

    f94546161808210ada027d03465f88336de4f2d24581801566f7ff17a9641b389c43946a98275ed637759a0205b8d09f9028d26bb75ab44e3f7038c5b4667ffd

  Score

  10^/10

  ryukpersistenceransomwarespywarestealer

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1