ryuk

General

Target

f63501542310745baa8fa2026930590cd690b53bfddb940378eca685a2c5e682
Size

188KB
Sample

220220-akyqmaegh5
MD5

81a657edce1fc7c97e2e3367e676339f
SHA1

13a1686aaaba2c46792b468ca78f6f20a3817468
SHA256

f63501542310745baa8fa2026930590cd690b53bfddb940378eca685a2c5e682
SHA512

2233a938fa19a39d9052a2e339b18b140d9e258a9d3394219e60c636095566647faacba4ee72d007ade4c768cdece84b373f029bb19e53b3279e99f1204ee07e

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

<html><body><p style="font-weight:bold;font-size:125%;top:0;left:0;"> [email protected] <br> </p><p style="position:absolute;bottom:0;right:1%;font-weight:bold;font-size:170%">balance of shadow universe</p><div style="font-size: 550%;font-weight:bold;width:50%;height:50%;overflow:auto;margin:auto;position:absolute;top:35%;left:40%;">Ryuk</div></body></html��

Emails

[email protected]

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

[email protected] balance of shadow universe Ryuk

Emails

[email protected]

Targets

- Target
  
  f63501542310745baa8fa2026930590cd690b53bfddb940378eca685a2c5e682
- Size
  
  188KB
- MD5
  
  81a657edce1fc7c97e2e3367e676339f
- SHA1
  
  13a1686aaaba2c46792b468ca78f6f20a3817468
- SHA256
  
  f63501542310745baa8fa2026930590cd690b53bfddb940378eca685a2c5e682
- SHA512
  
  2233a938fa19a39d9052a2e339b18b140d9e258a9d3394219e60c636095566647faacba4ee72d007ade4c768cdece84b373f029bb19e53b3279e99f1204ee07e
Score

10^/10

ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2