Extracted

• • Target

    1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56.sample

  • Size

    159KB

  • MD5

    cb0c1248d3899358a375888bb4e8f3fe

  • SHA1

    b72e75e9e901a44b655a5cf89cf0eadcaff46037

  • SHA256

    1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56

  • SHA512

    298668596ab422c93ebedf41bc5751941c2646df5bfaf7f374beb207bf38fa6d223186984d71ef25b2c21e068870c9c5cf11626b99350f8799fb0ebaca4a4cee

  Score

  10^/10

  ryukpersistenceransomwarespywarestealer

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2