Overview

overview

10

Static

static

KD.exe

windows7_x64

10

KD.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    KD.exe

  • Size

    7KB

  • Sample

    220120-k5wf4shce2

  • MD5

    ad309c9d2e62a1ceb52cdb76833bb9ff

  • SHA1

    f93694b6d153c6a50950f1df29c36fbbae5d1931

  • SHA256

    34e4e0f587ea3cbbd417710ec5b90de335dca96f6773fdd4ffb31b97b8913f8d

  • SHA512

    addb8b06e6c0791f72b39183cfa850b2553730b60242a38775acc65f6c88e44f431ec3eaadb9bb3c506e639b391f74391890ae6a27c4a2f4e7c3da336b9954a4

Score
10/10
ryukevasionransomwarethemidatrojan

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Roaming\dllhost.txt

Family

ryuk

Ransom Note
TVqQ**M****E****//8**Lg*********Q***********************************************g*****4fug4*t*nNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJ*********BQRQ**T*EH*INL5WE**********O***gEL*Qs**JYm*Q*S********WKB7*Q*g****wCYB**B****g*****g**B**********E**********C*rQE*B***BoJZ*QI*QI***B***B******E***E********B***************Do*JwFQ*****C*n*ZwP*********************************************************************************************************************************************C*gIC*gIC*g*K*m*Q*g****liYB**Q******************C***G*gIC*gIC*gIK*P****wCYBmwY***CaJgE***************B***B*IC*gIC*gIC*M*****O*m*Q8*****oiYB****************Q***Qi5pbXBvcnRz*C******JwE**g***KQm*Q***************E***M*ucnNyYw*****g****ICcB*B****CmJgE***************B***B*LnRoZW1pZGE*YFQ**E*n*Q******tiYB****************Y***4C5ib290*****NQx**CgewFx0jE**LYm*Q***************G***G************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************/DrJbPNIaVBzeGlcE0jZV/oayWj1eGlc*0hpX*NIaTr0GGlZ+UrJbPNIaVzzSGlc80hpXPNIaVzzSGlc80hpXPNIaVzzSGlc80hpXPNIaV8kSDlXo3hpX*NIaGz1yxlc8+E4DPNIi17zaGlV4ghpX5Poy6wVkX4M*0huVRaIaVX4EFls+ErpfPNIyVUbaGlV+Be5bPhBCXwDQWvsE0hpPPho2Wz4QQGM*0FuD*N4bl5zaGlcU0EJP*NBbgjTaG5VE2gZVfX4CVzzKG58Q3huVR*YCVX4GBls+ErpfPNIyV5z2GlcU0qJXqRIKVWDeGlcE0hobPN*SCzzSIl/eFvZXPPoiVxSCEl/UKgJjGW7+VTSOGlfk2F4zPNIiQwy4Xjc80iJWtQoyQXi+GlfkwhJf6PdWfxTGCj14shpX5NIZL/zKya8*5j7rGMhePzzSIlas3hkvEUoaVrTeGlRk3hpX*KIaVwTS3lQ16hoXPNIaVzzSBlS+WhpL*NIaW7Tauj880iL8hMbLqwDSGkcFcu5XPPoaVwVyMlc8yhpUZN4aV8kS*lRo3hpX*NIaGzzGqmMGJgZXPMLJrwFmBjPky1ZvPNhuXzzSC5Og0hp/PNICQ5yiGlfk0qJXyRIKVEzyGlcI0hobP5IOVzzauis80iODtNIaf+TYTtc80iOrBNIaRwYGnlc8+BZHPNIKXUlSGlfmLgpXPMIDg7jSGn0wyhpXDNhO1zzSI6sU0hpHBgaeVzz4Fnc80gpdSVIaV+YuOlc8wgODuNIafTD6GlcM2E7XPNIjq+TSGkcGBp5XPPgWZzzSCl0oxhpXDhaaVzz6Gl0owhpXDhaaVzz6Gl0ozhpXDhaaVzz6Gl0oyhpXDhaaVzz6Gl0o9hpXDhaaVzz6Gl0o8hpXDhaaVzz6Gl0o/hpXDhaaVzz6Gl0o+hpXDhaaVzz6Gl0o5hpXDhaaVzz6Gl0o4hpXDhaaVzz6Gl+dXhpX5NIDowTSGkcWGqJfPhBewzzSI4eU0hpZeUIaV+TS*6ME0hpHuX7zg4zSGn15ShpX5NIDowTSGkVFlgJVfhKyVzz6Gl0oxhpXDVFmQzzSm+8*0huDmNIafXl+Glfk0gOjBNIaR9YWplc8+hpdKMYaVwyIXuM80iJXBiYOVzzCM5yUxhuVeUYaV+YCslc83F7HPNIiVwYmDlc8wphXPNIa09YGilc8+F7PPNIiVwYmDlc8wEBjBNBbl5TSGn882G5HPNIK1iDGGle+agZXPga+Vzz4Xvs80iJXBiYOVzzC/5Bg3hp/PNhuRzzSCg15ZhpX5NIDowzSGkcWGIJDPhBewzzSI4eU0hpZeUIaV+TS*6MM0hpHvvIaVz1Wk4OM0hp9eUoaV+TS*6MM0hpFR/YCVX4Sslc8+hpdKM4aVw1RZkM80pvv*NIbg5jSGn15fhpX5NIDowzSGkfeFqZXPPoaXSjOGlcMiF7jPNIiVwYmNlc8wjOetMYblXlGGlfm*rJXPNxexzzSIlcGJjZXPMKYFzzSGtOWBopXPPhezzzSIlcGJjZXPMBCQwjQW5eU0hp/PNhuTzzSCtYgxhpXvmoGVz4Gvlc8+F77PNIiVwYmNlc8wueQYN4afzzYbk880goNeWYaV+TS*6MU0hpHFhriQz4QXsM80iOHlNIaWXlCGlfk0gOjFNIaR76yGlc9V1ODjNIafXlKGlfk0gOjFNIaRUXWDlV+ErJXPPoaXSj2GlcNUWZDPNKb7wDSG4OY0hp9eX4aV+TS*6MU0hpHphamVzz6Gl0o9hpXDIhe4zzSIlcGJj5XPMIznNTCG5V5RhpX5gKyVzzcXsc80iJXBiY+VzzCmNc80hrQVgKKVzz4Xs880iJXBiY+Vzz*Q6MI0FuXlNIafzzYbnc80grWIMYaV75qBlc+Br5XPPhe+zzSIlcGJj5XPMLvkGDeGn882G53PNIKDXlmGlfk0gOjHNIaRxYYwkc+EF7DPNIjh5TSGll5QhpX5NIDoxzSGke/chpXPVcTg4zSGn15ShpX5NIDoxzSGkVHNg5VfhKyVzz6Gl0o/hpXDVFmQzzSm+8*0huDmNIafXl+Glfk0gOjHNIaR64Wplc8+hpdKP4aVwyIXuM80iJXBiYmVzzCM570whuVeUYaV+YCslc83F7HPNIiVwYmJlc8wpiXPNIa0BYCilc8+F7PPNIiVwYmJlc8wEGDCNBbl5TSGn882G5/PNIK1iDGGle+agZXPga+Vzz4Xvs80iJXBiYmVzzCl5Bg3hp/PNhufzzSCg15ZhpX5NIDo+TSGkcWGiJHPhBewzzSI4eU0hpZeUIaV+TS*6Pk0hpHvzIaVz1X04OM0hp9eUoaV+TS*6Pk0hpFRRYKVX4Sslc8+hpdKOYaVw1RZkM80pvv*NIbg5jSGn15fhpX5NIDo+TSGke2FqZXPPoaXSjmGlcMiF7jPNIiVwYmLlc8wjOcFM4blXlGGlfm*rJXPNxexzzSIlcGJi5XPMKZVzzSGtDW*opXPPhezzzSIlcGJi5XPMBD6wzQW5eU0hp/PNhuZzzSCtYgxhpXvmoGVz4Gvlc8+F77PNIiVwYmLlc8wp55eXoaV+TS*6Po0hpH1haiVzz6Gl+E0hlUPUYaVP3YTuc80iL0bN4afzza/vRw3hp/PNq67zzSIl0o4hpXDhdeVzz6Gl+dahpX5NhuYzzSC5B43hp/PNq67zzSIl0o+hpXDhdeVzz6Gl+dahpX5NhuezzSC5B43hp/PNq67zzSIl0o8hpXDhdeVzz6Gl+dahpX5NhuczzSC5B43hp/PNq67zzSIl0oyhpXDhdeVzz6Gl+dahpX5NhuSzzSC5B43hp/PNq67zzSIl0owhpXDhdeVzz6Gl+dahpX5NhuQzzSC5B43hp/PNh*cwzQWvuU0hp/PNqYtwjSGtWk2hpVSXIaV+Vyulc8+hpdKMYaVw4XWlc8+hpdKMIaVw4XWlc8+hpdKM4aVw4XWlc8+hpdKMoaVw4XWlc8+hpdKPYaVw4XWlc8+hpdKPIaVw4XWlc8+hpdKP4aVw4XWlc8+hpdKPoaVw4XWlc8+hpdKOYaVw4XWlc8+hpdKOIaVw4XWlc8+hpf1XNGVzz6Gv/JEg5VfMIaVwzSGhs+B0JXPPoqdUkCGlfk7iedvM4blXkOGlfk0ieeVM4blXkKGlfk0iYNeTYaV+TSJjF5MhpX5NImMXk+Glfk0iYxeToaV+TSJ5*k3hp/PPIiTXkiGlflS3mrBNIaVxYXalc8+F6vPNIiYxoZoks+EF9TPNIi5/z0QtMQ0FuUON4af9Qq*uM*ts5HwMNWFUVmNlV9ftpXPMoatijGGlcaGCJfPhBfUzzSIuf89ELTENBblDjeGn/UKgLj*LbOR8DDVhVGljZVfX7aVzzKGrUYxhpXGhpCTz4QX1M80iLn/PRC0xDQW5Q43hp/1CoC4wC2zkf*w1YVRUYyVX1+2lc8yhq0yMYaVxoY*nM+EF9TPNIi5/z0QtMQ0FuUON4af9Qq*uM*ts5HwMNWFUcWMlV9ftpXPMoat7jaGlcaGiJzPhBfUzzSIuf89ELTENBblDjeGn/UKgLj*LbOR8DDVhVFHj5VfX7aVzzKGrdo2hpXGhgydz4QX1M80iLn/PRC0xDQW5Q43hp/1CoC4wC2zkf*w1YVRF46VX1+2lc8yhq2WNoaVxobrnc+EF9TPNIi5/z0QtMQ0FuUON4af9Qq*uM*ts5HwMNWFUa6OlV9ftpXPMoatQjaGlcaGn57PhBfUzzSIuf89ELTENBblDjeGn/UKgLj*LbOR8DDVhVFOiZVfX7aVzzKGrT42hpXGhiufz4QX1M80iLn/PRC0xDQW5Q43hp/1CoC4wC2zkf*w1YVR7ImVX1+2lc8yhq3qN4aVxobTn8+EF9TPNIi5/D0Qy/k0FuUON4afGja/gMMngrr/huGfz4Suhc80jJUXGYGVzz0QIfk0FuUNN4afGzqP50w3huVedIaV+VmBjPIwsZEcJxBF+TQWvv80hpPPTFmWzzSP5/I5huVedYaV+Vi1nFFwi5VfhMeVzz6rlvYhgobDW7bnBjiG5eckhpXFNN4dzzSGnFHai5VfhMSVzz6qmsaGw5jPhBfVzzSIuM*ts5HwMNWaURKKlV9ftpXPMoa4KTwQ0/s0FuUNN4afGzqP5wI4huVedIaV+VmBjPIwsZEcOhDh+zQWvv80hpPPWaqcUf6KlV+ExJXPPqqaxobDmM+EF9XPNIi4wC2zkf*w1ZhRCrWVX1+2lc8yhpXFhdqVzz4X1s80iIPNNrOR8DDYecs0hrjtNq6PzzSIvxkxro/PNIiVzzSolfJEg5UON4aVxDSGhs+KipXPMLK9*zeGn/UKgJnHW6CVUW61lV/njZXPNq6KzzSI5*Q3hp9SfYaV+T6MFfs0hpHPioqVzzCLuM89qJXyRIGV+jSGlcU0hobPirWVzzCIuM8yqLfPNgabzzSCvyExsur9NIaRwVy7lc8+hpXBXLeVzzKGlRk3hpXyRICVGjeGlc*0hobPMaqYwYm0lc8wsmv*WYGM+TLVm882G4TPNILk6DSGn880gJDnKIaV+TSolfJEgpXzM4aVwjSGhs/kjJXPNq6KzzSI4O00hp/5NhO1zzSI6v40hpHBgaeVzz4Fhs80gpdSVIaV+Yuxlc8wgODuNIafTCGGlcM2E7XPNIjq8jSGkcGBp5XPPgWCzzSCl1JUhpX5i72VzzC*6P40hpFeV4aV+TS*6P80hpFeV4aV+TS*6P*0hpFeV4aV+TS*6PE0hpFeV4aV+TS*6PI0hpFeV4aV+TS*6PM0hpFeV4aV+TS*6PQ0hpFeV4aV+TS*ve*0hp/PNhuFzzSCk1FZgJVfhKCVzz4SvM80geTiNIafzzYbhc80grXeNYaV7q*Tss80iOTkNIafzzYbhc80guc9MYblXl2Glfk0gOj+NIaR78+*lc9UFJfPNBO9zzSI5Oc0hp/PNhuFzzSCjF5ehpX5NIDo/jSGkfWFqJXPPoaXSieGlcMyEPzBNBbl4TSGn1NdhpX*haOVzz6Gl0onhpXDVJ+UzjSmCVJThpX5ha2Vzz6Gl0onhpXDhgiQz4QXvM80iJXBibaVzzCmLsE0hrVdNoaVUlyGlfmFrpXPPoaXSieGlcMsF7/PNIiVwYm2lc8wvOQZN4afzzYbh880gpNR0YCVX4Sglc8+ErzPNIHk4jSGn882G4fPNIK1zjWGle7QE7LPNIjk5DSGn882G4fPNILnhTGG5V5dhpX5NIDo8DSGke/PgJXPVBSXzzQTvc80iOTnNIafzzYbh880go5eXoaV+TS*6P*0hpH1haiVzz6Gl0ohhpXDMhB0wTQW5eE0hp9TXYaVwIWjlc8+hpdKIYaVw1SPlM40pjlSU4aV+YWtlc8+hpdKIYaVw4a*kM+EF7zPNIiVwYmwlc8wpi7BNIa1XTaGlVJchpX5ha6Vzz6Gl0ohhpXDLhe/zzSIlcGJsJXPMLzkGTeGn882G4HPNIKTUSmDlV+EoJXPPhK8zzSB5OI0hp/PNhuBzzSCtf41hpXuwBOyzzSI5OQ0hp/PNhuBzzSC5w0whuVeXYaV+TS*6PI0hpHvz4CVz1QUl880E73PNIjk5zSGn882G4HPNIKIXl6Glfk0gOjyNIaR9YWolc8+hpdKI4aVwzIQzMI0FuXhNIafU12GlcCFo5XPPoaXSiOGlcNUv5TONKYpUlOGlfmFrZXPPoaXSiOGlcOGGJHPhBe8zzSIlcGJspXPMKYuwTSGtV02hpVSXIaV+YWulc8+hpdKI4aVwygXv880iJXBibKVzzC85Bk3hp/PNhuDzzSCk1Ghg5VfhKCVzz4SvM80geTiNIafzzYbg880grXuNYaV7v*Tss80iOTkNIafzzYbg880gueVMIblXl2Glfk0gOj0NIaR78+*lc9UFJfPNBO9zzSI5Oc0hp/PNhuDzzSCil5ehpX5NIDo9DSGkfWFqJXPPoaX4TSGVQ9RhpU/dhO5zzSIvRs3hp/PNr+9HDeGn882rrvPNIiXSiKGlcOF15XPPoaX51qGlfk2G4LPNILkHjeGn882rrvPNIiXSiCGlcOF15XPPoaX51qGlfk2G4DPNILkHjeGn882rrvPNIiXSiaGlcOF15XPPoaX51qGlfk2G4bPNILkHjeGn882rrvPNIiXSiSGlcOF15XPPoaXUcK1lV9frJXPPoaXSiSGlcOF1pXPPoaXSieGlcOF1pXPPoaXSiaGlcOF1pXPPoaXSiGGlcOF1pXPPoaXSiCGlcOF1pXPPoaXSiOGlcOF1pXPPoaXSiKGlcOF1pXPPoaX9VzRlc8+hr/yRIOV*jeGlcY0hobPgdCVzz6LnFJ*hpX5OI7nbzOG5V5DhpX5NI6XXkKGlfk0joxeT4aV+TSOjF5OhpX5NI7kCTeGn889iJNeSIaV+VKoi8FcuJXPPqiVNE0Zlr35l1T*NIaVcDeGlVtgGeFTkhWkMZIT5VSB4/JSRfDyUoQd4CKS8PIgk+3nG1cV4SKEEPpYkaq1NZIQ4ViEFKsTRda7H0XWue9xHfpTghDzDIXt4lOB4fkbV/biIZvp8DqSGcJemO37DJHfrCBC46IVRtmgE5LWrQhQ8+5Sg+36HWHt4F6CEPEkgNTHVIUS/1yS8PJShB3gIpLz8lMxhpXPPYaVzzeGlc+c8+5Sg+36HXMQ91aeFP0dcenhXJYWuu9hGeFTkhWk*4Hh7FiF77nvYu3nUp4X5*xD1KUdR9SlG1fD4luDHe*kShTzVIMQ91tbpsVUker+Injt7jOE6/JdSuClEp3d8xad0aYjQtb2Epb21gNnwdEgRpMSITqHWiUqw3uifnmDpm6lrK+NLaqjvWnLVDeGldk3hpU9N4aVgjeGleY0hpVrN4aVzzSGlSQxhpXhhIb+z5GG4c+DhufPk4bXz4WG7c9HhrvPf4b6z5eG/M+ThpXPNIa3XzfplSI3EpZUNxCWJDf*lV43HpYRN9SVODcVli*375UkNzbG8DSg5c+fhvDPgIbiz4aG8s92huTPjIagz1qG3s+bhvbPnYbyz1QhsM9WFpZYN+OVUzcdllE37ZUBNxeWVzfSlR03yZVcN+GVJjftlZ8G0pXhhIb+z5GG4c+DhufPk4bXz4WG7c9DhrvPf4b6z5eG/M+ThtUBcoa3XzfplSI3EpZUNxCWJDf*lV43HpYVN9SVODcVli*375UkN3Y*NTeg5c+fhvDPgIbiz4aG8s92huTPjIasz1qG3s+bhvbPnYbyz5Rj/c90hpbPNIaUzjSGl880hpXPNIaZwTSGlTBgGeFTkhWk*4Hh7FiF77nvYu3nUp4X5*xD1KUdR9SlG1fD4luDHe*kShTzVIMQ91tbpsVUker+Injt7jOE6/JdSuClEp3d8xad0aYjQtb2EpaNls80hoIyjhPiJJrU0VGWH/9dnNTXWIMV9182hpXPMML2U5aPl8E0hpX4MYaVzyWDlc80lcXwNI*eP2XPmvkuiJXPNLXeB3Pwlc8z9pXPMYadwTSGlTxxe0DPNIaWUmHP18/adIrYN4aVw53B2g*3hiZ+OJr3xDSGlfiEzs5SN4abjjeGm4423pIyU4aVztLJ0QBjHvTbqh3K63+YlcbtNrbgcI7RxySOtvgk2p6dtoZWrOplS6xqwNer6hxtXRoXRY0cW+2WXBvtSsxEn6jIx+uO3Fj8aZ0+j8U7ogJM9OwIbRlreD74cj1t2eiDeguin5ucjdE3UYI3z2cGvg8jpp//Mw6Q*zYglufEJPmU02rSwNaGxk9f1tz*Bnrc81SIhcS8gNH*1obGT1/GgY85NlgRZga+DyOmn4thi*VuTCCWMLeu1fNUiIXEvIDRwNaGpsvE8oJuK4rGT1/GgY85NjUW0YbGT1/Gge8+tpJHMcKWYTfRaYMqtpJHMcIWNmeBZ9J9srX5JI0dwXCBN89nBr4PI6YTziIqfnJwoJ//Mw6Qoxw0vg8jpp//Mw6Q*zYgljC3rtX7dZGT*zYglj*XvMFPC0WHxLy*0cDWhsZPX8aB7z62kkcWBpMaCW0GRzHClmE3me/iPraSRzHClmE38RXndLK1+SRDxUs28RXndLLtxCOm1F5zgTfPZwa+DyOmn/8zDp*DNuBtLvYI1*hTIJYwt67VTRUJk*M2IJYwt67V81SIhcS8gFHfIOfV81SIhcRqwZKH5LvGT1/Gge8+tpJHMcKWYTfxFfcK/iVhZLQe53SytfmkJ61hN/EV53SytfkkjR3BcIE3z0eaUvYkjR3Bc*HNPzaQYQUjpp//Mw6Q*zYgljC3rtXzV*yV9Nhu*QJRiIXEvIBxprqu1fNUiIXEvIDRwNaGxk9fxpkOBozRwNaGxq8i8hXLy7GSRzHClmE38RXndLK1+SSNHaC0jbjJEzEewXCBN88PGLH5JI0dwXCBN89nBr4PI6af//H36cBnBr4PIx6T9FTH5*M2IJYwt67V81SIhcS8gNH*lp71gLnEruPWhsZPX8brrb+*0cDWhsZPX8aB7z62kkcxQmbylcaB7z62ki12jV2+KPEV53SytfkkjR3BcIE3z2cGjs1sVj*+JQm+DyOmn3/U3zfPZwa+DyOmn/8zDp*DNiCWE*tNjf8zDp*Dtv/Fw*aS3PNUiIXEvIDRwNaGxk9fxoHvsoeDmx8y0eE+qgzB1yE3FoV6bo40mlUuNJtNTtyEV8EIiLhsqzoMWkSiNHRnBmqLJo0dwXCBN89nBr4PI6af/zMOdy6+OKy4oK4ljSJ+LFzoOaEmNZMNjpczRd5UohUjGJrGLupw*W5MIJYwt67V81SIhcS8gNH*1oamy8QU624reSg0N5psOlsb3*X9D7VNX354EvQNUp/+y7kf7t3ExPx3iTC3rtXzVIiFxLy*OJh34/BiyDtpWQUwenpfpinB+f72RXhlW7yauaDjb3GY41Ksc6QSsNYtio1LTjSEDbSWpG/ZOBdjaF7JPU7a5QyBNIEFc3OBN89nBr4PI6afG2aB4BI*JpXLHMZr0KRzQLEj3L0bRt8nCGbmTvRsV*iZrjmPTN4XTp+WWSDkD+GSnWtZYKZ0hy+KyPvIKqjuZxlYlkFuNb3vusREfU4JnX+h68RL2f4zvZ4B+M5e/Fx6jiCi0GE38RXndLK1+TxXljNoR2msBJtpyDhHX4llidzJ5s+0T*14/d8+S6ipSbO*8v0qBZwDwEK17QwTRdqS9KcL4PQfrPPMNuyc+6psFT1atM/liQiaaZQN6zqk0dTMPO13RX71cvfoxo34+b1H7d6VBClPMxapN2j7pDYuPm8P0ENGvyfUXhoHlivWFQJdxwhqfqf3D5HWT0o41Tm6jwiz+Z9PFo6Ui/kkFbDGBfzq92Jy408/+QO2XWpycEjc81SIhcS8gCSVMXHHsGc1FwkY2mSLwEzLv4Elnp+L9gJBcIR7XrRr47kYeyNatIV5LpDg9/Wgx/3Uypfr3ghmlY3KJWurOsFClhUbmVVzB4P2LZ9dDjVQPmefwegoeW*pVgRDp80*JpUbX67NOXXaLETQhEd+tdKpC8uUyPJyz9xODkr1qatWz1V6PKeCEis2QYgvpVQrJFJGtGBS+KpblgJlZ4S6YozzDcpFK84PTtWZ2SjM4QF8RZLJWGiipMdro6D3ZfDnn27Zr*J6UJK9VUW03aoOO0CN/+kvBTWvntXo5Ucg9r12Lx4Q1pG4ua7V81SIhcS8gJgxN5gidqMy1o4UPCZEgMsnBfF05p/nvyyRwRBJtZpm5s0KlhWCZ2+T2D3Fl00GCvVP0Ix+pYmELJXNh2qmdOYeYtEg5pUng1Fw9416JF4J+1ybl0qI*G8JXsXCqL3SywwNCp1BTgpq9SSS7VkBxV104YQ4dht3Tki3/74M8tZQLib88CEsHorIp1liavgfyopWHk4dvkRMBPx1RIul5Bh3GPeW0aUcdwsqDy+5jTIS+I+sC*dwpjapQnpmt897qC06d*UF+s/Z3pWFsjX8NWvuTa+jxd9bBZkRCzFDiSaY*x0fk5Sjp3oewXCBN89nBr6fP40pjMsHYHLUxuyuog5PsXWHlMwIqoxVLYQ+4Kq3I8apmjaPV9aUDErFV14lqf6CJ*9h1egXoUIOkbs3KXpN9gi8C+U0Go3D6UGFHp/XWHEv2OKNCJcp4PehWHEodJLLQN5QxiWkdWLwxFRh0e*CSrhKSY03pV1gloCPLh+S6cwJHJ4RHG98HdC4BfT1hIJ6yFUMkOnL9NlP92/fDpSwH0e2dP35/pMJWGoGXhVFL/Gv16Y+HSzQJjLjtG/+io+9m+r5pR22dM0HDtVDM565yVXn9zj/bPk9Nix3LjJ3hX6bQTfKMrnrh7kSei44P0LRNW0Gq7+*0cDWhsZPX6YpwcChFndavsFH7sDUNBbejBFSFR3ZGGrNHRvV8SBXOT1GX*KrBX3M9eg2ZsZaPKOxyx3ZcrPjsg04J7WrIK5Zr5cYZmqlTJaDrTKG+I87*603H+eDbFWbaoHxwI05N61ugCQEVrRZUX5rztwxBrJGZG/gQrjTLbErTDa4s++SiwYqiTScn8FmlfbuIfEt2p5jZve/XgHINroiGn1RgjDnfxdkmGbIGoMIN8+l*5*7Sjpvpo7PgG2uYGSTixZMiymmpkRGtO2ap+1BBnWK3Z82mb6+tonruJdnZCMD+oq9sq1TH/HvSUkSd08*S3OPbBKqzutl59yKIRzuRvrQkUUivtJ1GU0oMbFnfl/Gge8+tpJHMSskz3liUEQ4fn0WTN/Quy3MZ5KaYaB1sq1XqiXVcB0tMoPmSrcGBWv7lcZG423Y2y4sT7y3tGXdLC*aIkorn3PGvUcaYt4NO20T9oDReO2kb3av1z0z9GppeqM785OPxwdsSja8wa+yrPN4q5yvP*gFvvesFo4lu8gnKzQpEYEHpIKRa5sIHEhnbMSqW/FzID+MU7fBTNu3h6B1p1mxhVKCjI+xFzkIkuThbC3oQyt2HWjfFiovqBE7ro0qlmBhjHXh*v+252U6h7*Rl*7NN71SRpYpLCtD/tduPPKPHNLY52r55QmWklNm6WvLtvbo0*cfKLd3HZJFXsHM+U1voGE77SM1w5oOk15oni/+*xLPDv2DqWTy6LUQ3jVzgTfPZwa+DyO2z8Cawxe8PX/VbZi8ce0dGw5IjKFh4FistiQBYLWdKMY67DY3Ssb6sBaopUZfzh72FHm7DnIYO*p0Rv/ZET5Xip1lqaXT9ZefiC+kfj25vGeTxws4x2mih53lSNuoSv1vYQvay76FyyzilXjnU5U9ZHv6th/d7krLkQk*wgxNjZtEMSO2RY331mkLWSdh3YPE+vaQTSd*3MWjT*+FWgsNbeYKW1tJxl+mxJdeFt5Lhn1gJEaxWHc+upsMXIDr+FZ6cYHLY5axdzeOd/ITj/rBWs+cCrO73gYjSo8Zwni9ywQJPcew5k2WrHwus2EdW6znJHTkEed+vl0ptMv3FHG3rtXzVIiFxLy*uGO3xqzHMr0/+Zx0oYV0jo+CO5Vhik/kusRkzRN2bNEspM4LgwltHCwbJlaiP0iPtH06x0jL5Jwbfz2PZSadb*kqW8iqJyYGHgnqUbV+B+6PTX+DKE/XsRnlbHnRahjfDEq05i4gwR/+ordopPsvPn0zYbODUaqRk3Q/LJwPNpkvddX/*PKglWCk+O5Xwao/uTozRwJwSlzw*BI5rRDsMS*Dd7ol/uQntR1Wdnih8gvK1iaXuuiyByTa/SSP0yNwBgJBGj9CKg3zy9HESdyLZLbLwf8IUBZQsy1rbLncR5YBP*9E1n4+Hl3GQCN2P*fEm4JfbFu*/E+dpXlGCzzPsB*XB0kzpiVSIpOz9LdXjYotdRcL2Dp4O61OVrNBs+NGEfpyJdY2Xdpi7wv21fizSuoMUgNU6/beeoiagVjdDlh8+hR4aJ8/Q4WoxS9hgF5rcO0h6+yajgfTBzEgljC3rtXzVIi5bjF2c+pIe8qGJSVOYPUL6NS*hNdMI+gOH9C9CvfmxkRO32/WppmBssEZHHm1WrKIJgtCxPfyXzFoGphlQbxbyY2Qz64w*Gsn3EwHUf79tKJRG5hPIheYg0JScE+oPt1t188eXusQDESMn+ytRQoPh8MYmHd2DPnzCpauoL4*gxI*HSV9DrXVq5M*JSv0rKB917ftDtZjkKqie/lNVEDED4/yjFBmdve2FP*DJC*gZ*0aeILLhzwFJkjDl56IMIRfJSqp2MPlzgQ00YcnpoyyKR6lakYSK5Q2R7+O89QiH0fG75V62x3/+FBCOS/tCk0NCY0hRsgrp2vxO4dK7BeBq9JUd8iWl0PFXuVXXI3RJJPJKma96sj60IcqQe7uRJpiOjqWq70ErJ0rjgDlzgqWFf4rDi6FOHYFK3+3/Ogu6y2dUV5pebgLExvWBvK7eLJEI17innb1ayN0MBLtzgJWFRyL5hQE/JNRjEoX3/WXnnfP7Tx+gaLseikMmKghBtducbTs3cVwgTfPZwa+DyO2y8C86aBi+uZbIMndpTbnCYsZ227LWqsHpkZUCmZGlV5+3IVy1Qe7r0gGQHBnzrxPyJJIWOFxdvOXF5yafFk2WzaOsUGV/7vinLeyx6ngZgBnT6kY+jtbmqSC*eWcx/2bYthg2rruC*KTR8*hh9cLVL+7Y7duj0Z*R4DodPerdXNPgWMTdgTma4XICmLxn7Lej1UhHonBDI6lVwOvhdplyt1DkUdjtWhnlc0Ma*GHZcZa5TzvEQyMg+*+W7F9Xjv1jd8FD89Qnijhg6QHaiJP3fUuHMQCC+Te6uD3ohuvjoyTxQycjDh49ejLD1CWqM5CF8VS9hWsjON7pPn4Vp*iSrGELMcL3VW3YU+s51GE/UHPD2rjkc4Q5ZMvSJGLg7sP0feCbIRpam8S71Pim8BpHkflwVwfHoI+JO5i0Chs*CrZougB9Xo36pIy7WMpce5udtoYmlfGVcaIxkGIqlYsFmuC8kOhgSS1iZ+YFiFfFECgjiWOpRZVRPCIUXBQ6DzBPi/ckgH85kEEry8ROfyIwND4SIouhRxitPI*JR7TStTxIOt6Sm+StrMxliw97s92lsB7/2Wjto/YW5uqCS5/jEe*co2gxMxeLsfPvwu413mEnTk+SPKQ*jzGnM0XMkDfsjY+ISn*qKUt2tby9e*di1dSlEq5Ul7ty3CaQXu+SMlLiyUaj6IckmT6JnbQG99iueEVi/w5O0dmDjStsjC3rtXzVIiFxMyylYIkbIHrK+SEDOghPPr3dz6HXxa/O/yOy/qeHspC5OH7Tp/X1cLXmZVCL8TBdtbknWCE7L93Dbn/G99bqaZUd8uPrLaqgkB3J2b250OSP13JZ1uhkufxdzQ9pFGZN46deDTw*xyiEGJO1cDn9o/0vnWWdryd1nbdisSv75RCO42NTcknqqekbJUq48f5165PQLXtfEusOjnRTmKUl8RYsWWqh9QlbnazTBI1wJ3wvZFPHsZj6kRco1XcUH4HEQh6YQuiE0UXk4xj1w2USTdvro0rZtoE93Cz6Wj6ZThk0o3RT8WbYjZ*P7mkpyFmGkM5kEzTprNnvFckxDViTlcrZfOudorkDtCv8ORM0a0d268hsHcP5onZSiqz1hgE/pXGPEmL22WS63rt5GOM+fqv*f7n/yPdfq9NVqS2QNbQ1yNXq6nail+9+5XJoJN6jvcdUx3Ie2bR*UPFFf+5jxTPwHhfwEZ3EoxIo+ZWBQX6ldZ9CzI*ig2LPnTDoE8FK89HNsI1y1nBPKy0KZwmk3KFR+Zfh2Zv2Xaugixxek6Dgjz3fBcvHYhsLGah2x5YJIabhnL8Nae6*RbXRVSsik+YzQ08r3WSumF0Q7izvmvENQcG/Ly*0cDWhsavgvC1Hkw3WYFGN7S+EXfirEcMgUbIQT9RbqodNnDgM0KxKmbawoK4+Qt6t0ezTNkSNXQqxaVR4N1FFj71CsDcU8fFxc8XmuP6gSR3L9bq7XdKaosZ7Up/0/egV+kIl+ifmubvoGoUxrKqf76BR4TVyxa2xcL4zkSvWYwJ/USaWp06SpLTOEb2Hkv*ZmvTJrTDE41Zyzxx0CVWocgLdqVRa9Zzl9JT4Nh+FCOd0XEKGH0TwmsvcWbbfNItM//04hs89y+FFbNWqlOW5lSwZ2Y/a4hMNyw3SpwHOeU1ygiaN4g2CFu+B4rFQhyv5bXPNOKlgS2q5mg2dj2cnVX/EguH4TsFMl/FoZ/5e7fXW0OvnoL9T1OExpe2hXmYW0iD7Y1rL5Iszy+hV/72QJCpQu+*RxpyDQkNUObXFx1utNKRe4/*zZWFLBZLdHvvm2jU2u7xLk52afZchp1FDmoSjIISQP/WkYXOnISgg175b4a2+Q50Q9XWuS2diUQjaW+Uup2+TNRQDsxf1Q0skgpH*8S7S47GhZdrwdOlXZ7vxw2kCcfM0YxMr2Z9oL6yg/Xy/Yun8I0sdKd5RBxW+ogfusVhvPaY1jDOeNen6pEqEbK//CRg*MktZwIKZsTky5Ykj7k7r*QkG*zg2YfL+9ZBov3gJIGvE05Gx7YjKCCWMLeu1fOMxYE/Z/aVaiyyjeMUETetZM9ngLdFlc0IGTYN4932VUZsH*sqslFUHNxpfz7StLt6jKN+2PUWWixe7c8swGnJQxal246C*94DQHJIJ0gRHc821TPb4Y6UjBaUgChZJyy20Zu/MLn/kycdHUlOm4PdCwp3UOFj7Y4IpCFt+5UT/cq4j/1UYkRSmHrF7Wo4llCEgeDKkuzxQRa+tcI**J2CZPeax9u91Mrud9Y+ByPFbUshmw6F9/bWTyZ0vT+FjafWuqWOMKITLR/htYDkFtsUPPWll5SGa+YM/Xdh5dhwawaULi*x0Jw68N2Mz4sGtvZM7/0rJ0TNDoPyFpbe*4Q7oj4NGiO+uaQBX7WwCEPdeagzVjbIWy++SflByyUWQw*UB1TyDHRkZ+REESXE4ng42oL*xlKnt9nnS4vLXP7cl2tBRLB*YVGnipj*RgOZZki9dufcKWeEVz+GgKsQgXR0Z1s1iFjvvELERt8BppZq

Targets

    • Target

      KD.exe

    • Size

      7KB

    • MD5

      ad309c9d2e62a1ceb52cdb76833bb9ff

    • SHA1

      f93694b6d153c6a50950f1df29c36fbbae5d1931

    • SHA256

      34e4e0f587ea3cbbd417710ec5b90de335dca96f6773fdd4ffb31b97b8913f8d

    • SHA512

      addb8b06e6c0791f72b39183cfa850b2553730b60242a38775acc65f6c88e44f431ec3eaadb9bb3c506e639b391f74391890ae6a27c4a2f4e7c3da336b9954a4

    Score
    10/10
    ryukevasionransomwarethemidatrojan

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks