Extracted

• • Target

    d4422c4f4a26aecad6e754dd172278305bacfa7d5ff285f6a74ed6c610307d59

  • Size

    147KB

  • MD5

    ef372e7d0490bce48f6c11fe9f6c96c2

  • SHA1

    7ad646e6654e982d10c0bd6d9941476064800ebe

  • SHA256

    d4422c4f4a26aecad6e754dd172278305bacfa7d5ff285f6a74ed6c610307d59

  • SHA512

    a9b0b45ddd4089b73897592162c947f6e8e1dbce5ee5548294b3dde7f2b06aa23c8fb10be947282514fdacdc1eabdc252ef7c24c11f5b3d87212c35f49212f36

  Score

  10^/10

  ryukpersistenceransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence
  behavioral1behavioral2