General

  • Target

    23e95ba67603234352ff2864dc7fa54742f501e5922f01f8c182dbefc116f97f

  • Size

    121KB

  • Sample

    210710-xebwb6wmen

  • MD5

    7364f6222ac58896e8920f32e4d30aac

  • SHA1

    915fd6fb4e20909025f876f3bb453ec52e21b7be

  • SHA256

    23e95ba67603234352ff2864dc7fa54742f501e5922f01f8c182dbefc116f97f

  • SHA512

    f5e2b5a17ed04c7edb904e867cec2f66a59b887176bd3e25803e82a390fc36fc47002df747099ca4e6960f020afe1137f4ba24b28613423b5de0b09ff7048026

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note

contact balance of shadow universe Ryuk $password = 'RCCF8gd'; $torlink = 'http://rdmnobnbtxh5sm3iiczazaregkpyyub3gktwneeehx62tyot5bc4qhad.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};

URLs

http://rdmnobnbtxh5sm3iiczazaregkpyyub3gktwneeehx62tyot5bc4qhad.onion

Targets

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Drops desktop.ini file(s)
