ryuk

General

Target

8ec0c670fa446d9f59372fccb1ad2438a7b8ecac9f91ac2fc6483557c854d93c
Size

188KB
Sample

220220-fa5zvagge3
MD5

63a46709a4e2eee46c3f9d2ff65a2c88
SHA1

f2cacaabcea399c95c6ee8bdfdf5b8ee6d7644b6
SHA256

8ec0c670fa446d9f59372fccb1ad2438a7b8ecac9f91ac2fc6483557c854d93c
SHA512

2396c89a15b2e87952641dff7aa8644b6b70543697d3fbe4ec945e47028277c783661794ea0eef63ab985765a66b47464b51154fdff7b6ac44ffa33899308441

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

<html><body><p style="font-weight:bold;font-size:125%;top:0;left:0;"> [email protected] <br> </p><p style="position:absolute;bottom:0;right:1%;font-weight:bold;font-size:170%">balance of shadow universe</p><div style="font-size: 550%;font-weight:bold;width:50%;height:50%;overflow:auto;margin:auto;position:absolute;top:35%;left:40%;">Ryuk</div></body></html��

Emails

[email protected]

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

[email protected] balance of shadow universe Ryuk

Emails

[email protected]

Targets

- Target
  
  8ec0c670fa446d9f59372fccb1ad2438a7b8ecac9f91ac2fc6483557c854d93c
- Size
  
  188KB
- MD5
  
  63a46709a4e2eee46c3f9d2ff65a2c88
- SHA1
  
  f2cacaabcea399c95c6ee8bdfdf5b8ee6d7644b6
- SHA256
  
  8ec0c670fa446d9f59372fccb1ad2438a7b8ecac9f91ac2fc6483557c854d93c
- SHA512
  
  2396c89a15b2e87952641dff7aa8644b6b70543697d3fbe4ec945e47028277c783661794ea0eef63ab985765a66b47464b51154fdff7b6ac44ffa33899308441
Score

10^/10

ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2