Overview

overview

10

Static

static

7c1e0597dd...20.exe

windows7_x64

10

7c1e0597dd...20.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7c1e0597dd5a1e2d48c9cede54843aa7c299f7404630b5a2aafac2eec7358b20

  • Size

    126KB

  • Sample

    220220-f4hreahbc7

  • MD5

    fca20e17ce8c0c3f3c78d82c953472ed

  • SHA1

    c8ecc9b34184e7e1c15b4ed49fb838e7882dbfc6

  • SHA256

    7c1e0597dd5a1e2d48c9cede54843aa7c299f7404630b5a2aafac2eec7358b20

  • SHA512

    5a38ab6f0401c57e0ab1a0f889fe4db8b3fbeda0abbbb87d21da870de604615446a83f6b156ecb36d9101072d429ce7589439916404bc2e76b751847b8947152

Score
10/10
ryukransomware

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note
Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation. More than a year ago, world experts recognized the impossibility of deciphering by any means except the original decoder. No decryption software is available in the public. Antiviruse companies, researchers, IT specialists, and no other persons cant help you encrypt the data. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions.Send 2 different random files and you will get it decrypted. It can be from different computers on your network to be sure that one key decrypts everything. 2 files we unlock for free To get info (decrypt your files) contact us at [email protected] or [email protected] You will receive btc address for payment in the reply letter Ryuk No system is safe

Targets

    • Target

      7c1e0597dd5a1e2d48c9cede54843aa7c299f7404630b5a2aafac2eec7358b20

    • Size

      126KB

    • MD5

      fca20e17ce8c0c3f3c78d82c953472ed

    • SHA1

      c8ecc9b34184e7e1c15b4ed49fb838e7882dbfc6

    • SHA256

      7c1e0597dd5a1e2d48c9cede54843aa7c299f7404630b5a2aafac2eec7358b20

    • SHA512

      5a38ab6f0401c57e0ab1a0f889fe4db8b3fbeda0abbbb87d21da870de604615446a83f6b156ecb36d9101072d429ce7589439916404bc2e76b751847b8947152

    Score
    10/10
    ryukransomware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks