General
-
Target
87d24edd168572f28d262c9edc2b825ea628f86e39c2d1407e9fbc42685119de
-
Size
117KB
-
Sample
220220-fl152ahhfn
-
MD5
aaa963a1b4c71047d667f0c3d1760d44
-
SHA1
90ce48d945427822647242d42678fb6fb5b77d73
-
SHA256
87d24edd168572f28d262c9edc2b825ea628f86e39c2d1407e9fbc42685119de
-
SHA512
c3cfc8f91ac084ba4ed03e615bd0c55ef65dae3c0618dade3eccd1e2aada1edf30b6cd03e7240b2fce19b5f4f3071ee8c39ab57b0bd073d8049982eb9aea54c8
Static task
static1
Behavioral task
behavioral1
Sample
87d24edd168572f28d262c9edc2b825ea628f86e39c2d1407e9fbc42685119de.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
87d24edd168572f28d262c9edc2b825ea628f86e39c2d1407e9fbc42685119de.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\users\Public\RyukReadMe.html
ryuk
http://etnbhivw5fjqytbmvt2o6zle3avqn6rrugfc35kmcmedbbgqbxtknlqd.onion
Targets
-
-
Target
87d24edd168572f28d262c9edc2b825ea628f86e39c2d1407e9fbc42685119de
-
Size
117KB
-
MD5
aaa963a1b4c71047d667f0c3d1760d44
-
SHA1
90ce48d945427822647242d42678fb6fb5b77d73
-
SHA256
87d24edd168572f28d262c9edc2b825ea628f86e39c2d1407e9fbc42685119de
-
SHA512
c3cfc8f91ac084ba4ed03e615bd0c55ef65dae3c0618dade3eccd1e2aada1edf30b6cd03e7240b2fce19b5f4f3071ee8c39ab57b0bd073d8049982eb9aea54c8
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies file permissions
-