ryuk

General

Target

66285517_by_Libranalysis
Size

68KB
Sample

210524-fz9v2l9jcj
MD5

662855171d4d584db3f36a4047a855f6
SHA1

c9e3193313e39ec9e9acc86701fa61441a2a6f52
SHA256

60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df
SHA512

0eab323cf31c76c1c4ca28b8a9ebfe063905ab6b10b796f65cb9c35d157a5620933a0de65ff63c540da2ae7e2080c85160febf8faffe48e3fcd415ca8f808b64

Score

10^/10

Malware Config

Extracted

Path

C:\$Recycle.Bin\RyukReadMe.html

Family

ryuk

Ransom Note

contact balance of shadow universe Ryuk $password = '8x0nKKx5'; $torlink = 'http://rk2zzyh63g5avvii4irkhymha3irblchdfj7prk6zwy23f6kahidkpqd.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};

URLs

http://rk2zzyh63g5avvii4irkhymha3irblchdfj7prk6zwy23f6kahidkpqd.onion

Targets

- Target
  
  d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9
- Size
  
  131KB
- MD5
  
  2cc630e080bb8de5faf9f5ae87f43f8b
- SHA1
  
  5a385b8b4b88b6eb93b771b7fbbe190789ef396a
- SHA256
  
  d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9
- SHA512
  
  901939718692e20a969887e64db581d6fed62c99026709c672edb75ebfa35ce02fa68308d70d463afbcc42a46e52ea9f7bc5ed93e5dbf3772d221064d88e11d7
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2