ryuk

General

Target

7a08d89337170c61788759dcb0d9287551a338b592ebd915cd0249be33736841
Size

171KB
Sample

220220-f7a6qsabgl
MD5

d92a64dce52edbbf70f9a5ebd25600be
SHA1

7e0a7323d4ba0454e6d54c4746dbac8373af9d0d
SHA256

7a08d89337170c61788759dcb0d9287551a338b592ebd915cd0249be33736841
SHA512

a629f2c4e38b4ee3a357f24da3f5e5310081bb46617f5e67a634e6308ce946860701879a114852eb2dc30d7d5696bcf01df9715cd3f689c2b19f879701600471

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\RyukReadMe.html

Family

ryuk

Ransom Note

<html><body><p style="font-weight:bold;font-size:125%;top:0;left:0;"> [email protected] <br> [email protected] </p><p style="position:absolute;bottom:0;right:1%;font-weight:bold;font-size:170%">balance of shadow universe</p><div style="font-size: 550%;font-weight:bold;width:50%;height:50%;overflow:auto;margin:auto;position:absolute;top:35%;left:40%;">Ryuk</div></body></html��

Emails

[email protected]

Targets

- Target
  
  7a08d89337170c61788759dcb0d9287551a338b592ebd915cd0249be33736841
- Size
  
  171KB
- MD5
  
  d92a64dce52edbbf70f9a5ebd25600be
- SHA1
  
  7e0a7323d4ba0454e6d54c4746dbac8373af9d0d
- SHA256
  
  7a08d89337170c61788759dcb0d9287551a338b592ebd915cd0249be33736841
- SHA512
  
  a629f2c4e38b4ee3a357f24da3f5e5310081bb46617f5e67a634e6308ce946860701879a114852eb2dc30d7d5696bcf01df9715cd3f689c2b19f879701600471
Score

10^/10

ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2