ryuk

General

Target

b53e77ab55abf1c7cc68a06e6260810948444cefe57b306febfed7e1f6c7619d
Size

121KB
Sample

220220-dgyg8sgad8
MD5

6230b3044d91004700121402341d9bc6
SHA1

d98bd8631a432e1c5e5d091fd4085901a8935972
SHA256

b53e77ab55abf1c7cc68a06e6260810948444cefe57b306febfed7e1f6c7619d
SHA512

1a9afa17b70f5d6976cb61fadd418a6481ed605fb7813575ff02bad45099c1460933ffeafe60c6545a0fe1ca3943c32a0e7d668bb14093bc6520a5cace9373bd

Score

10^/10

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note

contact balance of shadow universe Ryuk $password = 'HrP7O1qDZDw'; $torlink = 'http://oc6mkf4efqrjp2ue6qp6vmz4ofyjmlo6dtqiklqb2q546bnqeu66tbyd.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};

URLs

http://oc6mkf4efqrjp2ue6qp6vmz4ofyjmlo6dtqiklqb2q546bnqeu66tbyd.onion

Targets

- Target
  
  b53e77ab55abf1c7cc68a06e6260810948444cefe57b306febfed7e1f6c7619d
- Size
  
  121KB
- MD5
  
  6230b3044d91004700121402341d9bc6
- SHA1
  
  d98bd8631a432e1c5e5d091fd4085901a8935972
- SHA256
  
  b53e77ab55abf1c7cc68a06e6260810948444cefe57b306febfed7e1f6c7619d
- SHA512
  
  1a9afa17b70f5d6976cb61fadd418a6481ed605fb7813575ff02bad45099c1460933ffeafe60c6545a0fe1ca3943c32a0e7d668bb14093bc6520a5cace9373bd
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1

T1222

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Modifies file permissions

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2