Extracted

• • Target

    b8e463789a076b16a90d1aae73cea9d3880ac0ead1fd16587b8cd79e37a1a3d8

  • Size

    168KB

  • MD5

    958c594909933d4c82e93c22850194aa

  • SHA1

    d7c5fa9df1c79a7d0c178d0b7a2fe6d104d35278

  • SHA256

    b8e463789a076b16a90d1aae73cea9d3880ac0ead1fd16587b8cd79e37a1a3d8

  • SHA512

    b8bc89d574b3838cd219f276a348f0438fa2963bf7d7ee17ca4662ed3a00339455f587a0cd7459c0da5b468e5f0ff718285120ac972ae3c7c170e375110f906b

  Score

  10^/10

  ryukpersistenceransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence
  behavioral1behavioral2