Extracted

• • Target

    annoyed-boat

  • Size

    152KB

  • MD5

    a36bf238e31af66bcc79ea8c774e0098

  • SHA1

    512d84fb8d7197a369f021e45adbaee88fcda158

  • SHA256

    52553630f01c9bedda6fb049aa37e9e1cd60c554fe81b04a1f22ec6b3c5747df

  • SHA512

    00b5b8f9823ab63b153780ad3cc7d0569e39aeb2d48bee15a7a6d68a3358ec345f9065a63106f5401c64aec8580e4801131b55258ade9dec2d826d1781a5d37a

  Score

  10^/10

  ryukpersistenceransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Drops file in Drivers directory

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral1