ryuk

General

Target

09a0e87008e34a7a434c5d853600f693ab9de181e1f863ef6a90edf8c3fccd54
Size

131KB
Sample

210710-pstywdffrj
MD5

a5e03a5150537126dffcf2391dfab934
SHA1

9a2155e3b5471ca8321e8c74edb277c9a8e756e0
SHA256

09a0e87008e34a7a434c5d853600f693ab9de181e1f863ef6a90edf8c3fccd54
SHA512

a9e69f88ff83e6a6d15756c47bdcdc6b7af5947630e0d8e886c2d66c3c2cb4ce33c792a9475ba5d7c2bc3ab13cc25172ff10f51a9fa2852d6a6528fd4edc99f9

Score

10^/10

Malware Config

Extracted

Path

C:\$Recycle.Bin\RyukReadMe.html

Family

ryuk

Ransom Note

contact balance of shadow universe Ryuk $password = 'mnEoEqW'; $torlink = 'http://ojaiemvqphz6dgg7gncqpdlbx2aoisftpwvrhda67uth6ncuax2ghyad.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};

URLs

http://ojaiemvqphz6dgg7gncqpdlbx2aoisftpwvrhda67uth6ncuax2ghyad.onion

Targets

- Target
  
  09a0e87008e34a7a434c5d853600f693ab9de181e1f863ef6a90edf8c3fccd54
- Size
  
  131KB
- MD5
  
  a5e03a5150537126dffcf2391dfab934
- SHA1
  
  9a2155e3b5471ca8321e8c74edb277c9a8e756e0
- SHA256
  
  09a0e87008e34a7a434c5d853600f693ab9de181e1f863ef6a90edf8c3fccd54
- SHA512
  
  a9e69f88ff83e6a6d15756c47bdcdc6b7af5947630e0d8e886c2d66c3c2cb4ce33c792a9475ba5d7c2bc3ab13cc25172ff10f51a9fa2852d6a6528fd4edc99f9
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2