Extracted

• • Target

    b5149d96cfbb0805e4ea55c8ca526eec6d44e953a48fb9027165156a51b9fb2f

  • Size

    65KB

  • MD5

    3e2ffab5f65572b6c3c2d6b060f9b3b5

  • SHA1

    48a6f21c662003ddf0a2039ddce3d9f4a77737f0

  • SHA256

    b5149d96cfbb0805e4ea55c8ca526eec6d44e953a48fb9027165156a51b9fb2f

  • SHA512

    3a16f8611d0b30a9db8452ad493214c0d5fcfd69ac043940d88f39e4baa2ad889e047d3d061ff86f23e04b82b15b247cabb2c991d9e8edd04232acfede3051c5

  Score

  10^/10

  ryukpersistenceransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence
  behavioral1behavioral2