Extracted

• • Target

    6ea3da41f8159b93733ecf63c786880e4095f4107c995acc4e841aa51fc3b5e3

  • Size

    170KB

  • MD5

    6076c6a3207cde7fd0f2f28924efb63d

  • SHA1

    2f7cc3d8c7acd1614bf064f823b7f33078bff3e2

  • SHA256

    6ea3da41f8159b93733ecf63c786880e4095f4107c995acc4e841aa51fc3b5e3

  • SHA512

    a18d3feb5a0b571d703e9bfeb5cea33768ddc8e0b8bea4f80f4a18c4dfa4aca2067182260efbd2a33483067d640b7fb7c025b011a0ab044f2cfe7bd8771066fe

  Score

  10^/10

  ryukpersistenceransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence
  behavioral1behavioral2