ryuk

General

Target

eb5b82d6f4b1150d3bb6a76102ab713ad05c2f4c2045bd53373e6fecae04f01a
Size

182KB
Sample

220220-a3fmrsfhfj
MD5

e3a6a47d619dc38d039270dde995e1f8
SHA1

494a15923bd9b0c2410f8d44930da53c0aa97f6d
SHA256

eb5b82d6f4b1150d3bb6a76102ab713ad05c2f4c2045bd53373e6fecae04f01a
SHA512

1868bcc3e263dc1d6a3f0c5f7232c4c75360fcac19895f6709cf126a42a396962c30228a47b8784b9dfb8ca634350c46511f85a8423bd4b4e94f6357f9f5f10f

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

<html><body><p style="font-weight:bold;font-size:125%;top:0;left:0;"> [email protected] <br> [email protected] </p><p style="position:absolute;bottom:0;right:1%;font-weight:bold;font-size:170%">balance of shadow universe</p><div style="font-size: 550%;font-weight:bold;width:50%;height:50%;overflow:auto;margin:auto;position:absolute;top:35%;left:40%;">Ryuk</div></body></html��

Emails

[email protected]

Targets

- Target
  
  eb5b82d6f4b1150d3bb6a76102ab713ad05c2f4c2045bd53373e6fecae04f01a
- Size
  
  182KB
- MD5
  
  e3a6a47d619dc38d039270dde995e1f8
- SHA1
  
  494a15923bd9b0c2410f8d44930da53c0aa97f6d
- SHA256
  
  eb5b82d6f4b1150d3bb6a76102ab713ad05c2f4c2045bd53373e6fecae04f01a
- SHA512
  
  1868bcc3e263dc1d6a3f0c5f7232c4c75360fcac19895f6709cf126a42a396962c30228a47b8784b9dfb8ca634350c46511f85a8423bd4b4e94f6357f9f5f10f
Score

10^/10

ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2