Extracted

• • Target

    f48c52b820c7ec36afb411dc052d83ced667db46d5b9b729748e73fb70cb1421

  • Size

    151KB

  • MD5

    a0a2c05256ee2727a2dfade4dc7544d6

  • SHA1

    fba2fbb09c96de73c903ab40894225cc235bdcfe

  • SHA256

    f48c52b820c7ec36afb411dc052d83ced667db46d5b9b729748e73fb70cb1421

  • SHA512

    48c10e276f2455a29b352db81e72fa1b7bbbe3ef46e8998e1e44900e97cc3fa5682e424fbb0680594dcc45b2003c20bae15fc46f2822001d7669d7b1b7335ddf

  Score

  10^/10

  ryukpersistenceransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence
  behavioral1behavioral2