General
-
Target
Tes.exe
-
Size
154KB
-
Sample
210820-z19gcl2y7x
-
MD5
a8e947ecf656a8cb91453e469705f574
-
SHA1
44428090dee86c656388ae49df65557fc5b7082d
-
SHA256
926a1cf61ac26f4b0bb0d1af623d1e22a98f4e53c34342ce20b245aa636d2c85
-
SHA512
6d8283073124cc671f152f332729c152d85fcba1e6dad45550ccdd713ce92df1554dae8d5980aa0fd6443eab33b5f9f22828051bfaf6111bfa95ffe05774da19
Malware Config
Extracted
C:\Users\Admin\Desktop\EncReadMe.html
ryuk
Targets
-
-
Target
Tes.exe
-
Size
154KB
-
MD5
a8e947ecf656a8cb91453e469705f574
-
SHA1
44428090dee86c656388ae49df65557fc5b7082d
-
SHA256
926a1cf61ac26f4b0bb0d1af623d1e22a98f4e53c34342ce20b245aa636d2c85
-
SHA512
6d8283073124cc671f152f332729c152d85fcba1e6dad45550ccdd713ce92df1554dae8d5980aa0fd6443eab33b5f9f22828051bfaf6111bfa95ffe05774da19
Score10/10-
Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-