General
Target

8f368b029a3a5517cb133529274834585d087a2d3a5875d03ea38e5774019c8a

Size

144KB

Sample

211020-pzw8nshhhq

Score
10/10
MD5

89895cf4c88f13e5797aab63dddf1078

SHA1

1efc175983a17bd6c562fe7b054045d6dcb341e5

SHA256

8f368b029a3a5517cb133529274834585d087a2d3a5875d03ea38e5774019c8a

SHA512

d238fa264ad931ed43798a65f01cbe1d044300dbe5312bdcef8540f2757079514daae27f30f2369b7b811a3273c961f9fd38e7ae5010c11120c83906e8c102e2

Malware Config

Extracted

Path

C:\$Recycle.Bin\RyukReadMe.html

Family

ryuk

Ransom Note
contact balance of shadow universe Ryuk $password = 'UWUEbcQLr'; $torlink = 'http://rk2zzyh63g5avvii4irkhymha3irblchdfj7prk6zwy23f6kahidkpqd.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};
URLs

http://rk2zzyh63g5avvii4irkhymha3irblchdfj7prk6zwy23f6kahidkpqd.onion

Targets
Target

8f368b029a3a5517cb133529274834585d087a2d3a5875d03ea38e5774019c8a

MD5

89895cf4c88f13e5797aab63dddf1078

Filesize

144KB

Score
10/10
SHA1

1efc175983a17bd6c562fe7b054045d6dcb341e5

SHA256

8f368b029a3a5517cb133529274834585d087a2d3a5875d03ea38e5774019c8a

SHA512

d238fa264ad931ed43798a65f01cbe1d044300dbe5312bdcef8540f2757079514daae27f30f2369b7b811a3273c961f9fd38e7ae5010c11120c83906e8c102e2

Tags

Signatures

  • Ryuk

    Description

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    Tags

  • Executes dropped EXE

  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

    Tags

  • Drops startup file

  • Modifies file permissions

    Tags

    TTPs

    File Permissions Modification
  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query RegistryPeripheral Device DiscoverySystem Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A

                    behavioral1

                    Score
                    10/10