ryuk

General

Target

9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2
Size

174KB
Sample

220130-kb7maahdbq
MD5

86c314bc2dc37ba84f7364acd5108c2b
SHA1

ad20c6fac565f901c82a21b70f9739037eb54818
SHA256

9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2
SHA512

2c91a702a771007e7475413e7b429acdc12616516e5bcc49c887ebdfa051114bf86092c31a49ca5a6b16ccabd546ffe7d662ff8587515a977d7bdb89db9a6e42

Score

10^/10

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note

Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted or deleted or backup disks were formatted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation No decryption software is available in the public. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme files. DO NOT DELETE readme files. This may lead to the impossibility of recovery of the certain files. To get info (decrypt your files) contact us at [email protected] or [email protected] BTC wallet: 1KURvApbe1yC7qYxkkkvtdZ7hrNjdp18sQ Ryuk No system is safe

Emails

[email protected]

Wallets

1KURvApbe1yC7qYxkkkvtdZ7hrNjdp18sQ

Targets

- Target
  
  9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2
- Size
  
  174KB
- MD5
  
  86c314bc2dc37ba84f7364acd5108c2b
- SHA1
  
  ad20c6fac565f901c82a21b70f9739037eb54818
- SHA256
  
  9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2
- SHA512
  
  2c91a702a771007e7475413e7b429acdc12616516e5bcc49c887ebdfa051114bf86092c31a49ca5a6b16ccabd546ffe7d662ff8587515a977d7bdb89db9a6e42
Score

10^/10

ryuk persistence ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2