Overview

overview

10

Static

static

Ryuk

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    unequal-oven

  • Size

    152KB

  • Sample

    210427-n6wltgy33e

  • MD5

    7a7b1300e8b5a10424e08958a6fc15c1

  • SHA1

    9db96b1a4bff1ffc6b945360cc5cc363642ffc94

  • SHA256

    501e925e5de6c824b5eeccb3ccc5111cf6e312258c0877634935df06b9d0f8b9

  • SHA512

    ce80e5313fad830387fb758ebfbe5c77976532acfece81fc57978399261a5b6ffb3a89f0ded288483ce38f21bf9fa8f6052e4afeeec1ab202a809ecb7722eb30

Score
10/10
ryukransomware

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note
Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation. More than a year ago, world experts recognized the impossibility of deciphering by any means except the original decoder. No decryption software is available in the public. Antiviruse companies, researchers, IT specialists, and no other persons cant help you encrypt the data. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions.Send 2 different random files and you will get it decrypted. It can be from different computers on your network to be sure that one key decrypts everything. 2 files we unlock for free To get info (decrypt your files) contact us at [email protected] or [email protected] You will receive btc address for payment in the reply letter Ryuk No system is safe

Targets

    • Target

      unequal-oven

    • Size

      152KB

    • MD5

      7a7b1300e8b5a10424e08958a6fc15c1

    • SHA1

      9db96b1a4bff1ffc6b945360cc5cc363642ffc94

    • SHA256

      501e925e5de6c824b5eeccb3ccc5111cf6e312258c0877634935df06b9d0f8b9

    • SHA512

      ce80e5313fad830387fb758ebfbe5c77976532acfece81fc57978399261a5b6ffb3a89f0ded288483ce38f21bf9fa8f6052e4afeeec1ab202a809ecb7722eb30

    Score
    10/10
    ryukransomware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Drops file in Drivers directory

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix

Tasks