Extracted

• • Target

    9e8f01b3fb2513649da36630fd7d20a2b87d11d5ec2e1f151498fd879d0d6d39

  • Size

    170KB

  • MD5

    26f3ee3f591b0d3a267d8b1ac6ffd59c

  • SHA1

    e4f263ef3beb7e77ade5225c9d1e7d24bab668d0

  • SHA256

    9e8f01b3fb2513649da36630fd7d20a2b87d11d5ec2e1f151498fd879d0d6d39

  • SHA512

    aaae22bf758fbf8fe707ad0ee6d9e30421924461be1470d1232d8c20b404310070175f2f59db84f0d31220e5198c2290012fe18c25a005d02bcb6bf3921b10cb

  Score

  10^/10

  ryukpersistenceransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence
  behavioral1behavioral2