ryuk

General

Target

06a7b97d2800561df9435bf60de8e261ac8f9079b588aa1d83347e52f7a7c5f4
Size

193KB
Sample

220219-kkemvshhh8
MD5

95fd26f6908ef7a718a4392c5c91e2c7
SHA1

31d98aeca3e2d27a2882fc65fba78e31e7aaee0f
SHA256

06a7b97d2800561df9435bf60de8e261ac8f9079b588aa1d83347e52f7a7c5f4
SHA512

08679e973186546c87163fd93179f341a4de4f8241d937c42e4524fc1eb63e9f9f0d3381368226716fb927ea59df7975ec69b0b029038ac5eadcfdd1d001ca73

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

<html><body><p style="font-weight:bold;font-size:125%;top:0;left:0;"> [email protected] <br> [email protected] </p><p style="position:absolute;bottom:0;right:1%;font-weight:bold;font-size:170%">balance of shadow universe</p><div style="font-size: 550%;font-weight:bold;width:50%;height:50%;overflow:auto;margin:auto;position:absolute;top:35%;left:40%;">Ryuk</div></body></html��

Emails

[email protected]

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

[email protected] [email protected] balance of shadow universe Ryuk

Emails

[email protected]

Targets

- Target
  
  06a7b97d2800561df9435bf60de8e261ac8f9079b588aa1d83347e52f7a7c5f4
- Size
  
  193KB
- MD5
  
  95fd26f6908ef7a718a4392c5c91e2c7
- SHA1
  
  31d98aeca3e2d27a2882fc65fba78e31e7aaee0f
- SHA256
  
  06a7b97d2800561df9435bf60de8e261ac8f9079b588aa1d83347e52f7a7c5f4
- SHA512
  
  08679e973186546c87163fd93179f341a4de4f8241d937c42e4524fc1eb63e9f9f0d3381368226716fb927ea59df7975ec69b0b029038ac5eadcfdd1d001ca73
Score

10^/10

ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Executes dropped EXE

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2