ryuk

General

Target

095cae47da0044f82f4bcc9a5cdf4bc099f3eccd2497b81afcd66c53286bc5f2
Size

304KB
Sample

210611-4ldscwwnln
MD5

b38db96edbdac1684268b98c8dcffce7
SHA1

88d410bfa5810af0b3c6add7b4911f7a57ea7213
SHA256

095cae47da0044f82f4bcc9a5cdf4bc099f3eccd2497b81afcd66c53286bc5f2
SHA512

bee65541a8f563d793e6be861ad7e92183c6cfd36e14e558a9c01267d26c759cbc0871bfd6b66c692dfd2161df42705e9db2d9de2ad45d66471b36a4426eaaa3

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note

contact balance of shadow universe Ryuk $password = 'yxFS7vMc'; $torlink = 'http://vqurn5zgys2zd5z5r5fxnfskpzr74i63ehk7ucmrlbvsuszapwoo62qd.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};

URLs

http://vqurn5zgys2zd5z5r5fxnfskpzr74i63ehk7ucmrlbvsuszapwoo62qd.onion

Targets

- Target
  
  095cae47da0044f82f4bcc9a5cdf4bc099f3eccd2497b81afcd66c53286bc5f2
- Size
  
  304KB
- MD5
  
  b38db96edbdac1684268b98c8dcffce7
- SHA1
  
  88d410bfa5810af0b3c6add7b4911f7a57ea7213
- SHA256
  
  095cae47da0044f82f4bcc9a5cdf4bc099f3eccd2497b81afcd66c53286bc5f2
- SHA512
  
  bee65541a8f563d793e6be861ad7e92183c6cfd36e14e558a9c01267d26c759cbc0871bfd6b66c692dfd2161df42705e9db2d9de2ad45d66471b36a4426eaaa3
Score

10^/10

ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Modifies extensions of user files

Drops startup file

Loads dropped DLL

Drops desktop.ini file(s)

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2