Overview

overview

10

Static

static

Tes.exe

windows7_x64

3

Tes.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Tes.exe

  • Size

    154KB

  • Sample

    210820-z19gcl2y7x

  • MD5

    a8e947ecf656a8cb91453e469705f574

  • SHA1

    44428090dee86c656388ae49df65557fc5b7082d

  • SHA256

    926a1cf61ac26f4b0bb0d1af623d1e22a98f4e53c34342ce20b245aa636d2c85

  • SHA512

    6d8283073124cc671f152f332729c152d85fcba1e6dad45550ccdd713ce92df1554dae8d5980aa0fd6443eab33b5f9f22828051bfaf6111bfa95ffe05774da19

Score
10/10
ryukransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\EncReadMe.html

Family

ryuk

Ransom Note
contact balance of shadow universe Ryuk function info(){alert("INSTRUCTION:\r\nEmail: [email protected] \r\nWe will contact you shortly.");};

Targets

    • Target

      Tes.exe

    • Size

      154KB

    • MD5

      a8e947ecf656a8cb91453e469705f574

    • SHA1

      44428090dee86c656388ae49df65557fc5b7082d

    • SHA256

      926a1cf61ac26f4b0bb0d1af623d1e22a98f4e53c34342ce20b245aa636d2c85

    • SHA512

      6d8283073124cc671f152f332729c152d85fcba1e6dad45550ccdd713ce92df1554dae8d5980aa0fd6443eab33b5f9f22828051bfaf6111bfa95ffe05774da19

    Score
    10/10
    ryukransomware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks