Extracted

• • Target

    d7953e6c5c6cca21de1b6db5639e70582ead7f02d4e5b3546d2ff285e283b50e

  • Size

    170KB

  • MD5

    69693141762821147d2e79b9d4c76354

  • SHA1

    ffe7d03662ebe8ff71f96f3f5994e17ca8129b9b

  • SHA256

    d7953e6c5c6cca21de1b6db5639e70582ead7f02d4e5b3546d2ff285e283b50e

  • SHA512

    503b604ffa13d67265513db6bef6b7e263bd10969a6002e5838798fa4ace12ce1963ddc0844412e252b5346d06b05ba48b70e52cc9aa580379d70a2e3517beff

  Score

  10^/10

  ryukpersistenceransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence
  behavioral1behavioral2