Extracted

• • Target

    splendid-plant

  • Size

    170KB

  • MD5

    fe51255c009bbc4f74186e7a5db0f81b

  • SHA1

    b41894d7ba1402106856d49c1e42d61caf51d1d4

  • SHA256

    d6c3287fb1bf01e11339acaecd09ef4adbdd8bd2644dcb4feeca862025b46a39

  • SHA512

    686fb913c2a25e34ffb92634960d5cc13e50b9399138aa6ad712c106b66802204e55da3d1b0d8e5aa38f21a41477ba84d02b289e99c366a711e1a27d6ff3e15d

  Score

  10^/10

  ryukpersistenceransomwarespywarestealer

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1