Extracted

• • Target

    b7e945a8dafc91ebe8c8717ee3107498afc1ad5461599611d2fb07aaa7700aa1

  • Size

    151KB

  • MD5

    2af0f010e71cb1ecddc52b13e4149ea2

  • SHA1

    6caead7f091d18baa393cdea1955d43fd7853850

  • SHA256

    b7e945a8dafc91ebe8c8717ee3107498afc1ad5461599611d2fb07aaa7700aa1

  • SHA512

    72856c70b931cbb1e0bf6c006cb959d7735cde779d40e56964e58578daf91ac0e0cbf8f3fb05efba3afe7400e3f2450acc98b711f1b29b2a9fb891ae86b13f66

  Score

  10^/10

  ryukpersistenceransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence
  behavioral1behavioral2