ryuk

General

Target

92815ba6471287eb405fe74ee85ed000821d4d6f8c9a0154b289be8b2e7c7e5d
Size

192KB
Sample

220220-e5fg1ahgbk
MD5

038fecb750d14f0a31fa83f3f95b7e88
SHA1

b5e793997283f6706d89f3f9f05389bd786c63b4
SHA256

92815ba6471287eb405fe74ee85ed000821d4d6f8c9a0154b289be8b2e7c7e5d
SHA512

79263ae2f6489382995a9baab87aec46b91665221b6a837b642143587c095d8cf4a6f03c8f8a2883405ba16a750d987c374f88623d83fdd1d3d7467cf77c82ed

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

<html><body><p style="font-weight:bold;font-size:125%;top:0;left:0;"> [email protected] <br> </p><p style="position:absolute;bottom:0;right:1%;font-weight:bold;font-size:170%">balance of shadow universe</p><div style="font-size: 550%;font-weight:bold;width:50%;height:50%;overflow:auto;margin:auto;position:absolute;top:35%;left:40%;">Ryuk</div></body></html��

Emails

[email protected]

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

[email protected] balance of shadow universe Ryuk

Emails

[email protected]

Targets

- Target
  
  92815ba6471287eb405fe74ee85ed000821d4d6f8c9a0154b289be8b2e7c7e5d
- Size
  
  192KB
- MD5
  
  038fecb750d14f0a31fa83f3f95b7e88
- SHA1
  
  b5e793997283f6706d89f3f9f05389bd786c63b4
- SHA256
  
  92815ba6471287eb405fe74ee85ed000821d4d6f8c9a0154b289be8b2e7c7e5d
- SHA512
  
  79263ae2f6489382995a9baab87aec46b91665221b6a837b642143587c095d8cf4a6f03c8f8a2883405ba16a750d987c374f88623d83fdd1d3d7467cf77c82ed
Score

10^/10

ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2