General
Target: splendid-plant
Size: 170KB
Sample: 210427-sc77hsdsc6
MD5: fe51255c009bbc4f74186e7a5db0f81b
SHA1: b41894d7ba1402106856d49c1e42d61caf51d1d4
SHA256: d6c3287fb1bf01e11339acaecd09ef4adbdd8bd2644dcb4feeca862025b46a39
SHA512: 686fb913c2a25e34ffb92634960d5cc13e50b9399138aa6ad712c106b66802204e55da3d1b0d8e5aa38f21a41477ba84d02b289e99c366a711e1a27d6ff3e15d
Static task: static1
Behavioral task: behavioral1
Sample: splendid-plant.exe
Resource: win7v20210408
Malware Config
Extracted
C:\RyukReadMe.txt
ryuk
14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk
Targets
Target: splendid-plant
Score: 10/10
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.