ryuk

General

Target

703ee3222eccd0e355b9ef414be9153fa3a2ad8efb8176fee887d7744a9f632f
Size

117KB
Sample

210609-815p6f8gt2
MD5

31db87c5d3b970b42cb577611f851c7a
SHA1

8cc6a1f94514033ad8b15c3c4c720fb0eac249f1
SHA256

703ee3222eccd0e355b9ef414be9153fa3a2ad8efb8176fee887d7744a9f632f
SHA512

d00d566f7385accd173669c9f8f6868626287e0ed4a6a08b174af9f6d054b70aed3babfa91450caa085134a2e75db42802a9cc11790c923ece3a4042d161be4a

Score

10^/10

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note

contact balance of shadow universe Ryuk $password = 'PrWUilDMFi'; $torlink = 'http://rdmnobnbtxh5sm3iiczazaregkpyyub3gktwneeehx62tyot5bc4qhad.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};

URLs

http://rdmnobnbtxh5sm3iiczazaregkpyyub3gktwneeehx62tyot5bc4qhad.onion

Targets

- Target
  
  703ee3222eccd0e355b9ef414be9153fa3a2ad8efb8176fee887d7744a9f632f
- Size
  
  117KB
- MD5
  
  31db87c5d3b970b42cb577611f851c7a
- SHA1
  
  8cc6a1f94514033ad8b15c3c4c720fb0eac249f1
- SHA256
  
  703ee3222eccd0e355b9ef414be9153fa3a2ad8efb8176fee887d7744a9f632f
- SHA512
  
  d00d566f7385accd173669c9f8f6868626287e0ed4a6a08b174af9f6d054b70aed3babfa91450caa085134a2e75db42802a9cc11790c923ece3a4042d161be4a
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1

T1222

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Drops startup file

Loads dropped DLL

Modifies file permissions

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2