ryuk

General

Target

b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9
Size

147KB
Sample

210710-ed82t5s2je
MD5

6c0bb20e1158593211a7cbcbacb3dd83
SHA1

3a74a3aafde31b4f129e515baabe9833bf359f8e
SHA256

b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9
SHA512

7b882a2141435d71bc6602e1622dfb4d0b1734cf3444554e247a75700924a8dafee79c7f0153390bd800b9733ec3106f0864f83126231c268ce2a39087388a8d

Score

10^/10

Malware Config

Extracted

Path

C:\$Recycle.Bin\RyukReadMe.html

Family

ryuk

Ransom Note

contact balance of shadow universe Ryuk $password = '2cvCR2CMQ1qi'; $torlink = 'http://hqcqsw6et744hz7tx7rudmerk6fjyifovm6upec4ceqjndbmu34vs6yd.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};

URLs

http://hqcqsw6et744hz7tx7rudmerk6fjyifovm6upec4ceqjndbmu34vs6yd.onion

Targets

- Target
  
  b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9
- Size
  
  147KB
- MD5
  
  6c0bb20e1158593211a7cbcbacb3dd83
- SHA1
  
  3a74a3aafde31b4f129e515baabe9833bf359f8e
- SHA256
  
  b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9
- SHA512
  
  7b882a2141435d71bc6602e1622dfb4d0b1734cf3444554e247a75700924a8dafee79c7f0153390bd800b9733ec3106f0864f83126231c268ce2a39087388a8d
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2