Overview

overview

10

Static

static

2a0044c959...le.exe

windows7_x64

10

2a0044c959...le.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2a0044c9599a21c45ca22f9abd1e8a3093b3c4046b328968c949a651e6f70357.sample

  • Size

    122KB

  • Sample

    210726-l6thpvn6px

  • MD5

    268c8c879f67be89dbb020bf0844d9e0

  • SHA1

    631ae3e5bb0b791c2926829a00e99154c94621c9

  • SHA256

    2a0044c9599a21c45ca22f9abd1e8a3093b3c4046b328968c949a651e6f70357

  • SHA512

    047ddf54dc13b455528ec3370e02c0ca006bd86b207a6b7dabb86390f0dcf7d194196876fdf44a6e6556a6b32210e71edb2889ff1071fb899795e6373d75fb52

Score
10/10
ryukransomware

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note
Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation. More than a year ago, world experts recognized the impossibility of deciphering by any means except the original decoder. No decryption software is available in the public. Antiviruse companies, researchers, IT specialists, and no other persons cant help you encrypt the data. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions.Send 2 different random files and you will get it decrypted. It can be from different computers on your network to be sure that one key decrypts everything. 2 files we unlock for free To get info (decrypt your files) contact us at [email protected] or [email protected] You will receive btc address for payment in the reply letter Ryuk No system is safe

Targets

    • Target

      2a0044c9599a21c45ca22f9abd1e8a3093b3c4046b328968c949a651e6f70357.sample

    • Size

      122KB

    • MD5

      268c8c879f67be89dbb020bf0844d9e0

    • SHA1

      631ae3e5bb0b791c2926829a00e99154c94621c9

    • SHA256

      2a0044c9599a21c45ca22f9abd1e8a3093b3c4046b328968c949a651e6f70357

    • SHA512

      047ddf54dc13b455528ec3370e02c0ca006bd86b207a6b7dabb86390f0dcf7d194196876fdf44a6e6556a6b32210e71edb2889ff1071fb899795e6373d75fb52

    Score
    10/10
    ryukransomware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks