Overview

overview

10

Static

static

Virus_Destructive.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Virus_Destructive.exe

  • Size

    249KB

  • Sample

    220124-taysesfdhn

  • MD5

    1241c7fa483e828693d121d6933ccc19

  • SHA1

    d766b6a14c9476aad4fb994fa06a24265f1eb24b

  • SHA256

    4a132f5fca3763d8328c66ae447ac331e5bede35a63b6cac8bd845a3504d5bbb

  • SHA512

    febb9519e5c63ea50d673c26a98fa675378c1d9205bd9bc878aeb3e0130c2cd877ad922df4a2c7dcea7a9815b6fae83becb896e38f59f3d7a7edf0e161cd28ff

Score
10/10
ryukdiscoveryevasionexploitransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FBIJTPX0\f[3].txt

Family

ryuk

Ransom Note
)]}' {"bgasy":["https://www.google.com/js/bg/xhsXU0guuD_DJQfM3yOamG_r6Q35zwg2XWY6fSAgpNU.js","TSs61ug7rgvK0V+dM+6KK9k2y+LZXRiE9BTXUue7pWnUWh18gaRDW7ekTEDeqWcMpTzp1QeSTV4+rlTuEuX8OKYipOVreLZoVEDYk+pfSw2VX9NEIHq1gmhoizmzAtkYD4UiSQQXJFafwX6gi9/GU/0afvEiJSUfPkCKXXgqjoyfdUpQa2dt2YqHnY+ykKukmplYvmbiKgIm8EDIaUdbLaNzShkb52YK6t1q2GUSgvYyTSxV81Ys4ONVVP2p6u/yYbElBfXT3AWAmHS4C3MBrW94NVWghKiBXFQ8fKPRf9R9zZiyXb1TgixkiTewj8Dip5humgpjJp+omXYK9hLyD/vHYujIJOD/JKMGlwZXE6qsa67gIkWK5DDtOhJz6xJGhSVPyTLa3RFBwKAloKP38VYvkhzCU7nDJOBxPPd29gZWLK0o9W1AjeRdXKQ0xLXtwGQkUsdV4vd1r6GibKaCyE9x32ec5taIbIzAqgExDq+2g8M6+RZwto7nfP+WbxIlkYsxhWZxmqSMMWT5LQAEt0fkYSL2+78iJx+lANeGmyggLFoFzYqc5Z7BIK3blkvpAy0Jp23K+eVjFhbNLttx40UuhcA6TxmeaWOuMAobB8nh4BW02ymSLsnoix1xlqHjwMK6NFGxlU0LWFpdWcDlISyhwHARSxwHkb0qlDnQTyH1f/oFGZwH0wlwDSUsH6zugpALnGw90IAemBODAgzF68+x2l0VwKpAaYXUjZpZbMAEKpfNTZa2vtV972H3ww1FsD7loiDgealX+u+UpAZw1ijMfczL7kEplYWm3wC2UK8teKS80BNJGhz+2lAUxZjmPoQLw//qOLxdMOUyj8Rifc05jJRXFMlFJ9QWmnM5HQOILlBis7559wer6XCjmDljbeZwLDHzzcPk0v6grCqbJ5i5woybPE8L0EmCfwHpXYPRjEOIFn7XRlJVIO937rmbwKtrru1w1mrDZBBgxlj/vZJ1R9KpV7ldVnNNCif7KAVBGwrvFer0TqkQKr/cFEL289VVm+UT+zbT6cHMSqy3vG5cgTG/9ARexzCto3/viCMhnFCIdxzD2M+r/ndlQ7br4NrfJMj8fdSfPN9NWJm+lcJ/mpV9lx7FOFTa2JmFxmrRGRMULxdsR0QwnYhUIt7nE2Si9S9s2oslGRtgUdXTPOGVv+7j5ajBY3w8JJuzRijZnqOue3jrXWQB7vgkdu/3VF2VB/sDh2mSQ2FDbY+z74svwOzqTV+H4w42AdT6/suFM3dIreXn8dY9L4Neve6pyQJ6Dmanj6EqIZWmzxpOpH0kRtdVlbph4+gYAg24tvM4KSuzUVutMsF35WcZgNsl0uZjBPo0RzJLRu36mvKdEQ3i8REIoLymeZ/Dut3xBagnYKW438+Jt0fvf1JI2sxY7zS3RHYrNljYYatU41uWu069g0EiUPbkME8WS6nl9skzX8cU7pJUFC6jT4kth1hf5E/l37zrKgCx36DaNhUSXwn9mrS/N8D01+eZ4TdO+hHF3xAscFfinXtAVBH1eBIM6mkRM2BVP5zahgbxAOQMXuoDY/6dzaNS+98fwLc5SHdM9BzbN9yxnMKjKm8W8y5kxGfXkDMl/6JmtavFZ3wrn2W+8NYpOQrFKcYo2Z60q9MucF+8PJuybTCNQUbueXoITWuuldjHH1C0FAhIAh4h8J9ThUqnHpzMoc8uohFevuQL1jXJkG2gcv4z2g1j+IjbyPT8/UpLznCOPvdJXLtQk4eibPfH9VkOTuG1Um03Y9CpXFKNtZfvuE5nzENejkyCciywfCM3w8/xaew7RmqSCNR9nIxmJNfVzB7GjHfr/vkK6bPnwkdE418UPjESutrn6HSSKR45i/wThQa0te+53zIK/CBwzZvd6ZkGs9smejccA7lA3H0S0n+MXZuLE6ll/fA7rQjQIdkADTrRAOuaZ92dLeghn4FVLr5vMHoZf9DUelzippqIq+z6D04YW5kZLGzhpKsWhpbw2EMUOJcqzIPsY1pUTQluZEWiqdq+OBJcGr6hwEcA8p5Hzj0pN7X935Mm+FvxHu/6VGr2P+FMBkXExEfZUYiSettM22p3qJeD2Cowr5CX1gNfnLmzhSPP8Upl2yO0zXOz6jrGz5Q8Oal+CJgLH6UdT0nMIpdEoHZxMobq2rJvPS0jT2TWMX5Da66upkYsP5VJIAmC2hTMOiIPquusZYIpcTSR66ZI/urWI5qxjB4xIBQgcs+xoScxxAjxLQIJ5LDRJlaKhz6aoFrpPi17nwXPPT5vtzCE9a/DCzGdPvuwrs9LmUqPcKM7QM44IIhl3pimEU9wsw7z5hRbeciyAKeXSYa0DLWwSl2SRYTEslK1gpELEF4K5QhDTWOeRRMvvNR7L/F/4Sxe0hRBu/Sb1HNgL4by7UoZ7G1+Kgdq5qjWyKE2LVIdNEhoh8s8FES5OBUEAUo0RZaeSKh0Ae+US4pjx3jVy7JhmNA48ija45/pYORgNr2rEVpH2eVl2qQUwaoYik386f0IID74HR0whVUTEEShTALbmxWOAgW3HnmaFrTaPxSVwoUjjXS8qGQwl/L7E1vGsAnHog7/Mdz8J0dm2SITZxrA2IAk6v7r+ZoW6YRODUE6GseJSBsD3dXy20yrLYJQMJ9XIfhUrWlI2pR4gPnpvaJrr9UdgeR3JIMfVUBRqBX7lKjOo7E1aNGD6krtcWoDcyv5a0y3di2fDk33Z5u112wUNF2G1XRN6y8IrB7YbyHETCWftOdNk3rdqCEEJrQj9KpEFLWN5zVcuDWn5krU2UYyQVqk447z1rKOdKFXICeH8WVV7mmHI2SWPcvFs5M/o9T2fP9sr5Elc6flH9HeFPzb75Z8pNt2vy/4RoBzWUlHG8PgOA6laiAWbMRBnOZTg3I2fi9Jsxt+8drQUwyiAB1AIfYSGPT1yZ5hHBbgfKBTYDno0GqzkkOvXnEGuEgcL8igO3I91xnc/BVGmSJxs3If/74dzJbS2Wo+1qUCi81KsKP22FmQcI9Tt18e05Xp0YuRt2iwD70KT5Enmn+dbYjt7QthNzq4rx998M975ui/cDhIup+xxqsM4sPCilFk+2chPupt1R+G0UD10vXGYgvKclCzZ4mnqh4zmPSqj7SbY1G17GLqO1spJ0d0/fpcIxhCNWgjFw12YLYSU5220b+caBpYjtLNri6I5BV7nr5NY+lJiFIgwKcMt/wPgRxBYnPe7oOwRaUmHw+j+gV0w4xZ5E21Eb8azdAX35jSCcbcj4UHffEvewEgED1+n5wXhEZtT7Yv1lr2mWO3FnRsjSbTGu8nN+V815/TBLEp/6ieFGjTsMcw7v0Ddm6tv2NQOFgRpdYrFPClzAvAcFdBw/jI59hMIyoLhRZndrwrvZMSR5H4ryfBZ805RSwZSp1onPGwDRFfr+NXz+ZV7740iDArwAB+DrNEz7eIqKZNvLT70PbsPEiE7WAPslw3kIf3aLu6hOh8xPLGbkgxEtR8/Ykh9n37a5BUxcq7rudgsWyyELSkIrynZd9wSQQkXs5oBOWpQyq4iawpWJ8O1H+v7/McZTDDCJVcIYhWOBi0h+txqDN12rSEJtEZZkWl/oGS89qjyjvzzlOEHTKucMit4QTqtGTbNibvq6C8K9N3TYAjO7siMJ1D6KjZxeeDnd51R2RecDaDo7QGV45FNJ6qyZIHGq7w7D8C8Tq8W7SqPM+1FiNI+zEvS0yznDJJSOxDU6sGm98TTuzFfb3ZdGNBst0n43UnIMzvqrY/0ju7b6+XZFul1L8kVkLqfWRH11HzVoCxRVImRYd5VyQa6CSCIuyozXehAj1Z93/VtMGQakgRv6ow6l2pspOeCYoeaKh6algdR4/YyNjnt30UFjzhtK/cxJzk+rb6uBuMSepe28Z3XHwL/h90mQKx1U/cR9mlyknrHXPvp6eFmKzOpdg0ukdXmM6t4e9tqy6jfnF7TJTFzeQizgdkcDwwLYzD6cr/PfYby+xSkWltn0fwgfa680+L783E0X5tz3GRD209FJDoG89U3Wuf0qrBvci3U+3FJ8y1lBoaKeq2lQDVY+uHlhOfcd6v25P+GV7hZLdU0FsxyN+qrjxVwptgTK2YEhlhdQwq75z1dsUXYHgChmOg3rOnqye8+fBbdCoLzmcI7ToQtbkcyoK1IZ98T1zHBI65fBhb87lgKg4Om+li5plA93+ct/xqnNW/BRof+VnATnV5yqsGEmZgTon1pTXLGb/JEbG4v1k1ntvS9waMgpb6wvXU86xeypkl2DUYMnRyukTNrR9boArJE/4Heq14ppS6f570C+VfD6lfpsX2ql9volk8baYi2vjzPGbBmT84ISFu1U4jmoR2lKwKk9IS3MX2Q+x9nvUFhwWxkUAn/aI4J4rEK0BktDBV1BNb1dAPW432GV5HNVzhfC78/C5mfMHXBa60n29qDD7Zn/YOrEAX6I5SWyfUZ1xjrRTKLGfNjvqyUnlOSkhnTdy/WdjikI4WZdxjvPvQC45ue7Q29blEXG1/IkRv0+0mEThR5FvTJEEGNypPO8wcv2R4qCHudbQJ7pcussbxlp+zTM/vJRZKDKrujP5xG/ZucXclA/CcbEtTOCKWY+v9DNwzI4/BwFz7f3Dxlz3MW6WC2ujm+PMLIdTJYAE7cGu/Uq/5N0evgoTORpheH2fWeFeTObKQzD58G2kXWwmWakqKxwEKrMJXK27KI7Xg1tTvPdKZmojgAXFtSfMovh50Xs4uohz1MM8iF4wOqdTqecQzIWv229k7Qwt1kPE/BdDhtgkfHc+pcJvOVD6ewVCqAg+0ZeWWEa2sVadQycFCGIO7mBw/MkPVPQOPxRITY7ZyVxjpRpOi3wXZ+KeWCrg3Wi2am8Fi1bcOiv+IepCNm0MlQHaL7zTj2niFj4sDVU9V0vLJsouMDih7o7+Z29VcMakLiVJ86utQBIwHzVOE3eLKXa8keHPZVsrfF0H/s98tgw9eVMW5O/+zll+YrCWiN0J487TT8zDNrXr7P9ZCKukQm2eMAFmpEIxnLPYEJ4bxFa8ZvxcQX4coUgF/aGfePp0g4JeTnRptIPF/SfrNAYUPXf2NNkmoEmTqhBGMCPEJxzHv+CN8NzThxaNVFs3DKix0CrgifFy1AdDG6XUVW5cZ+JM+/MhAZ3PFoLAV72bu+30hByKlExR84d8sbC4uIcaH8KVZJMOfREvbVnDa4T+fCh0NeU2vojYr/BAilxDWVMtoIy3kxm2lLz+Skhv4UVQid6j7JvbTvfr5XXhne6clT4ANlBbPYCYd5PENhLs/UtJWiqYtDNe1UQ+SfaHNtGxscvWvnov3b7P1CYWF3GL2ZfG95V17pL9jbJUhpX5L3CkDzwcU1f4Vi8aBKWHMb12gnuE85ZDkWMaCEuT4emCgWZHBQ/FolT1CkST3OQK4TXA/5jXPDLCd5yxO+5tls2+BZkum259hvPhKqjJQLqDzTya7cRGpfQ5qNWtugB1UI300O8/IXFDSL1ZOuOFwAHRmUEGHv4a2rR8RcGnB552+gTBhw1zP7QfkJ9BaKxpQsj921iUov4bzU5qP5b6OY8T8XnZuTU5evyZlSpWE0S9R1Xl1Vnk90+yMPw3wBgtLKQ0JNkO5Knti05PhS+cHUwmQA7aoW2nHprBlXKbQ8vCEVnwq7B2r+viULJYkfFWwkt+A1CIwb07eWobq77pjaELmTOAD/TbDZk9UMVDmPEviHcAJR4TqZ7OCEGnMCBR0Y3Lxr0neJnihKlkbqPUNvvyFnQUjVkm+dGUUN4GfaqqQq5UJ0DO8bUzI+xKOBXzs69rcuM0VVYc0veewXYFxJb9/Vs8w/IBpGqedtuown9W3yt38DN+wkqIPZJCsvDLO0RZs2G6YVL7IZWCfgl1HjZgFx/Frjl5FwQBvnfjFHvPRpF+ApJobO05acYjEZ3xcA0NccN7cmSQ9Mqetfa9ZFFvalRur9gyuNBe3fxyx5bKoMXCSRreHh0xxqp3UKoX0Pci6A1LVWntGn6nr0nVD+6foiDZVkv9JxB6y7TAQw0fW5OXLt4vZfp35RWvlSxoTomj5kUS95BOS2l60lpuB3GJQOxuvu7UppsTx37GiHvZK7txWIzhT4pbzdcHBBMltidQ3dTBq6Fq+lTsiRxxHCg7smYsydvDXcc6BQcoZayHK8Gw2g5C6BKPe6danflInap7BXtHXjSu+Ivynabc+JA9ANteGPZ0wJRQTk3ySzxg+jR7pnOJusjYxKy7WvA\u003d"]}

Targets

    • Target

      Virus_Destructive.exe

    • Size

      249KB

    • MD5

      1241c7fa483e828693d121d6933ccc19

    • SHA1

      d766b6a14c9476aad4fb994fa06a24265f1eb24b

    • SHA256

      4a132f5fca3763d8328c66ae447ac331e5bede35a63b6cac8bd845a3504d5bbb

    • SHA512

      febb9519e5c63ea50d673c26a98fa675378c1d9205bd9bc878aeb3e0130c2cd877ad922df4a2c7dcea7a9815b6fae83becb896e38f59f3d7a7edf0e161cd28ff

    Score
    10/10
    ryukdiscoveryevasionexploitransomware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Disables Task Manager via registry modification

      evasion

    • Possible privilege escalation attempt

      exploit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks