ryuk | 74654957ba3c9f1ce8bb513954b9deea68a5a82217806977a1247fb342db109f | Triage

Resubmissions

13-07-2021 07:27

210713-ndxveajg2s 10

Sharing

General

Target

74654957ba3c9f1ce8bb513954b9deea68a5a82217806977a1247fb342db109f
Size

186KB
Sample

210713-ndxveajg2s
MD5

45f643feeb41a49320ba6bfdc2968f4e
SHA1

572c0f765ab89777ef63dd00f6c7970bc0219e06
SHA256

74654957ba3c9f1ce8bb513954b9deea68a5a82217806977a1247fb342db109f
SHA512

326b14e3e577eb8839a514f6313b45470f15ab9af90d7213ebf471015ceccbc2926282384ddabceac33ef2c2cfef7e3b04743f19dc7c1f4d11fb0a423bcd3d0e

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

[email protected] [email protected] balance of shadow universe Ryuk

Emails

[email protected]

[email protected]

Targets

- Target
  
  74654957ba3c9f1ce8bb513954b9deea68a5a82217806977a1247fb342db109f
- Size
  
  186KB
- MD5
  
  45f643feeb41a49320ba6bfdc2968f4e
- SHA1
  
  572c0f765ab89777ef63dd00f6c7970bc0219e06
- SHA256
  
  74654957ba3c9f1ce8bb513954b9deea68a5a82217806977a1247fb342db109f
- SHA512
  
  326b14e3e577eb8839a514f6313b45470f15ab9af90d7213ebf471015ceccbc2926282384ddabceac33ef2c2cfef7e3b04743f19dc7c1f4d11fb0a423bcd3d0e
Score

10^/10

ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1