ryuk

General

Target

cb6e0dcae5a36d4f8bf939b4928708f26453cdef324c205e809b6fec484cf478
Size

123KB
Sample

220220-cgymkagegk
MD5

c22c2847e3318190b9c9f16dc4b044ca
SHA1

c6f8e944701b557a905754551cc939b9c4956bdc
SHA256

cb6e0dcae5a36d4f8bf939b4928708f26453cdef324c205e809b6fec484cf478
SHA512

2f1e14bfd5134760a62db30980b8541ead8ffe1ac244e2699d46b255b36299d0e87aab8281b7a08b0c77a9da45ab7a812cbd42147fcdf00246fe6f4afe251012

Score

10^/10

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note

<html><body><p style="font-weight:bold;font-size:125%;top:0;left:0;"> [email protected] <br> </p><p style="position:absolute;bottom:0;right:1%;font-weight:bold;font-size:170%">balance of shadow universe</p><div style="font-size: 550%;font-weight:bold;width:50%;height:50%;overflow:auto;margin:auto;position:absolute;top:35%;left:40%;">Ryuk</div></body></html��

Emails

[email protected]

Targets

- Target
  
  cb6e0dcae5a36d4f8bf939b4928708f26453cdef324c205e809b6fec484cf478
- Size
  
  123KB
- MD5
  
  c22c2847e3318190b9c9f16dc4b044ca
- SHA1
  
  c6f8e944701b557a905754551cc939b9c4956bdc
- SHA256
  
  cb6e0dcae5a36d4f8bf939b4928708f26453cdef324c205e809b6fec484cf478
- SHA512
  
  2f1e14bfd5134760a62db30980b8541ead8ffe1ac244e2699d46b255b36299d0e87aab8281b7a08b0c77a9da45ab7a812cbd42147fcdf00246fe6f4afe251012
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies file permissions
  discovery
behavioral1 behavioral2