Extracted

• • Target

    b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9

  • Size

    147KB

  • MD5

    6c0bb20e1158593211a7cbcbacb3dd83

  • SHA1

    3a74a3aafde31b4f129e515baabe9833bf359f8e

  • SHA256

    b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9

  • SHA512

    7b882a2141435d71bc6602e1622dfb4d0b1734cf3444554e247a75700924a8dafee79c7f0153390bd800b9733ec3106f0864f83126231c268ce2a39087388a8d

  Score

  10^/10

  ryukdiscoveryransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2