Overview

overview

10

Static

static

Tes (2).exe

windows7_x64

3

Tes (2).exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Tes (2).exe

  • Size

    154KB

  • Sample

    210820-d2bzkam6j6

  • MD5

    c77b4fb1f7ecbc8fb310b79bd5feb68c

  • SHA1

    47eaa1fd7524a0a34b5112c7b270f0747f9d0a51

  • SHA256

    3a7b94a46f82a62500f5bad83c351252262e86a6577b5423eb2ebce12f2f54e8

  • SHA512

    d5e08fd632fe081c8cc085c91f234add57a778b9b4f37d402399cd46d5cfefe65b8c6ff89c47348e1b3ae844b0d772a3be0a27e0a4367712123ee03a9f36d724

Score
10/10
ryukransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\EncReadMe.html

Family

ryuk

Ransom Note
contact balance of shadow universe Ryuk function info(){alert("INSTRUCTION:\r\nEmail: [email protected] \r\nWe will contact you shortly.");};

Targets

    • Target

      Tes (2).exe

    • Size

      154KB

    • MD5

      c77b4fb1f7ecbc8fb310b79bd5feb68c

    • SHA1

      47eaa1fd7524a0a34b5112c7b270f0747f9d0a51

    • SHA256

      3a7b94a46f82a62500f5bad83c351252262e86a6577b5423eb2ebce12f2f54e8

    • SHA512

      d5e08fd632fe081c8cc085c91f234add57a778b9b4f37d402399cd46d5cfefe65b8c6ff89c47348e1b3ae844b0d772a3be0a27e0a4367712123ee03a9f36d724

    Score
    10/10
    ryukransomware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks