Extracted

Extracted

• • Target

    8366f63d37f8cefda19657c49000b662c4dde38463517c34168b33bf427db5d2

  • Size

    187KB

  • MD5

    2ee9a7ce3356c032d49c1947761c63b2

  • SHA1

    30181311c46b89cc3e01d3d8207c4c533199fa88

  • SHA256

    8366f63d37f8cefda19657c49000b662c4dde38463517c34168b33bf427db5d2

  • SHA512

    d2e8c140e5935ab0761283c8f85a0f9881129a0f131e51d1d4e1257d47874be9326437bac33c1f921eff3f0658b0147f026492083e47d8bea6b50ddc9873afd2

  Score

  10^/10

  ryukransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  behavioral1behavioral2