Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
impolite-oil
-
Size
170KB
-
Sample
210427-e76w2fxw9j
-
MD5
dc13d96f8e592de1e29de8a38f4f46dc
-
SHA1
9fb83cf1f940cfdfeeb492fe9f8ec665a2a56aeb
-
SHA256
7c5c340e6ab83c34343b740c9e94612bb1980d773a57b35ca5a4221a4e10215e
-
SHA512
990fe0581a0ec30389a09abd170ec29feff397b06e0c00a91fc0a2111b24b924a631b6779de9c1f9677ad32b54ce578b8bf86a8e011b8ffca2474fe14950e6a5
Malware Config
Extracted
C:\RyukReadMe.txt
ryuk
14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk
Targets
-
-
Target
impolite-oil
-
Size
170KB
-
MD5
dc13d96f8e592de1e29de8a38f4f46dc
-
SHA1
9fb83cf1f940cfdfeeb492fe9f8ec665a2a56aeb
-
SHA256
7c5c340e6ab83c34343b740c9e94612bb1980d773a57b35ca5a4221a4e10215e
-
SHA512
990fe0581a0ec30389a09abd170ec29feff397b06e0c00a91fc0a2111b24b924a631b6779de9c1f9677ad32b54ce578b8bf86a8e011b8ffca2474fe14950e6a5
Score10/10-
Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-