General
-
Target
red-necessary
-
Size
171KB
-
Sample
210427-xtq2b4mr86
-
MD5
8819d7f8069d35e71902025d801b44dd
-
SHA1
5af393e60df1140193ad172a917508e9682918ab
-
SHA256
98ece6bcafa296326654db862140520afc19cfa0b4a76a5950deedb2618097ab
-
SHA512
41ada66895e76a0ba3cf1feea4b9cb4c76d2df1b801c44a1d333cdb8c737001ab9dcc9ef35ba8f1a87d329aa23eeca0729b2279e1955d6657172a3593627cbb2
Static task
static1
Behavioral task
behavioral1
Sample
red-necessary.exe
Resource
win7v20210410
Malware Config
Extracted
C:\RyukReadMe.txt
ryuk
17v2cu8RDXhAxufQ1YKiauBq6GGAZzfnFw
Targets
-
-
Target
red-necessary
-
Size
171KB
-
MD5
8819d7f8069d35e71902025d801b44dd
-
SHA1
5af393e60df1140193ad172a917508e9682918ab
-
SHA256
98ece6bcafa296326654db862140520afc19cfa0b4a76a5950deedb2618097ab
-
SHA512
41ada66895e76a0ba3cf1feea4b9cb4c76d2df1b801c44a1d333cdb8c737001ab9dcc9ef35ba8f1a87d329aa23eeca0729b2279e1955d6657172a3593627cbb2
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-