Extracted

• • Target

    8fe01ec7a48e40dc8292e1ee22db0e59b549c46cb3163447f920a420bfb91cdd

  • Size

    119KB

  • MD5

    fc5473e4320cedbb353b77955ecf2366

  • SHA1

    081a837503dfa82c177ef1229b2c00215d676442

  • SHA256

    8fe01ec7a48e40dc8292e1ee22db0e59b549c46cb3163447f920a420bfb91cdd

  • SHA512

    3f378525a049557b46193b4f0b4611fbb73cac095983ac75da46f5574ba829cc51bb5c3ab6747591607e73ce89a77da0843e1c6098be7e56c7a3a5fa8578f7c1

  Score

  10^/10

  ryukdiscoveryransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Modifies file permissions

    discovery
  behavioral1behavioral2