Extracted

• • Target

    def050d478f9e84882b007f3cd20dc4ffd3bf6f913532caa63ee4c9aec37dc86

  • Size

    202KB

  • MD5

    19c2252f877112192dd1112dde32e3d4

  • SHA1

    33f7c585527d012ba115d313003ca52b0fabcdb6

  • SHA256

    def050d478f9e84882b007f3cd20dc4ffd3bf6f913532caa63ee4c9aec37dc86

  • SHA512

    4f639986b6464c5b7802ed8f4bb2f069489da5ea556181db51b0ced62cf9e0f2afc8287d99b7a3678ed9402b629f4205dd8a92c4f4862977b2294f7df2a941bc

  Score

  10^/10

  ryukransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops desktop.ini file(s)

  behavioral1behavioral2