Extracted

• • Target

    goBnh.exe

  • Size

    152KB

  • MD5

    32cbc69f85cc47d8e35dc20dfbda6948

  • SHA1

    35dd5239977c2922a06389061cca846ec09453bb

  • SHA256

    795db7bdad1befdd3ad942be79715f6b0c5083d859901b81657b590c9628790f

  • SHA512

    f485a56c783dba3c15d691709a6736d5589194ec8f54e8d01342e7d6f4c54b4a56eae0fa49e150e8a13780fcb7e2e50337c8eaa026baf51774527351b365a25c

  Score

  10^/10

  ryukransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Drops file in Drivers directory

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2