ryuk

General

Target

0db010c56aee75c099cbd415dd5b18bfdef64e95ea20cb27008106c167ff4779
Size

169KB
Sample

220219-j625lsagen
MD5

8d9db61a893f5919641a7b4005a78850
SHA1

fa768baedc9ca06f253ff993d2f4d0aee402959b
SHA256

0db010c56aee75c099cbd415dd5b18bfdef64e95ea20cb27008106c167ff4779
SHA512

cbc5f3ed290b1c7e8989cf820ec13d59af010b283cd66b76558953e786c9e867c5442e56331c49f8d084acd6af6792f0d57a7e234025b2cecc17c4151c85d0b4

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

<html><body><p style="font-weight:bold;font-size:125%;top:0;left:0;"> [email protected] <br> [email protected] </p><p style="position:absolute;bottom:0;right:1%;font-weight:bold;font-size:170%">balance of shadow universe</p><div style="font-size: 550%;font-weight:bold;width:50%;height:50%;overflow:auto;margin:auto;position:absolute;top:35%;left:40%;">Ryuk</div></body></html��

Emails

[email protected]

Targets

- Target
  
  0db010c56aee75c099cbd415dd5b18bfdef64e95ea20cb27008106c167ff4779
- Size
  
  169KB
- MD5
  
  8d9db61a893f5919641a7b4005a78850
- SHA1
  
  fa768baedc9ca06f253ff993d2f4d0aee402959b
- SHA256
  
  0db010c56aee75c099cbd415dd5b18bfdef64e95ea20cb27008106c167ff4779
- SHA512
  
  cbc5f3ed290b1c7e8989cf820ec13d59af010b283cd66b76558953e786c9e867c5442e56331c49f8d084acd6af6792f0d57a7e234025b2cecc17c4151c85d0b4
Score

10^/10

ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2