General
-
Target
6eca3f416a08fde6688250dbd4ba4dfaa3df95a5d26b6d978dfbd67fbd159619
-
Size
123KB
-
Sample
220220-gqechahdc7
-
MD5
170e82abf8cd1e4c2f360795eeb4e78f
-
SHA1
1b7864fe3338bfdc312c0159ee5cb3054d9d3add
-
SHA256
6eca3f416a08fde6688250dbd4ba4dfaa3df95a5d26b6d978dfbd67fbd159619
-
SHA512
83d9558a7b3bef56af0833f016f75f7b649b21ef300d0369ad0e2bb5bf11818c1a9cbe632c062fa7c896fb266392e595957806e9f90b12d42444bccfe3ee5639
Malware Config
Extracted
C:\RyukReadMe.txt
ryuk
12vsQry1XrPjPCaH8gWzDJeYT7dhTmpcjL
Targets
-
-
Target
6eca3f416a08fde6688250dbd4ba4dfaa3df95a5d26b6d978dfbd67fbd159619
-
Size
123KB
-
MD5
170e82abf8cd1e4c2f360795eeb4e78f
-
SHA1
1b7864fe3338bfdc312c0159ee5cb3054d9d3add
-
SHA256
6eca3f416a08fde6688250dbd4ba4dfaa3df95a5d26b6d978dfbd67fbd159619
-
SHA512
83d9558a7b3bef56af0833f016f75f7b649b21ef300d0369ad0e2bb5bf11818c1a9cbe632c062fa7c896fb266392e595957806e9f90b12d42444bccfe3ee5639
Score10/10-
Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Drops desktop.ini file(s)
-