ryuk

General

Target

57ae2c58e9a78ce3021c7ed801b3e7f0eada5eeb070c519f573ff9d8bb09ca14
Size

171KB
Sample

220220-hx9bwsahhq
MD5

643edd16a075087e1f52c90520191966
SHA1

e40f903c67de534bc0a3b0ca7bd86eed321381e6
SHA256

57ae2c58e9a78ce3021c7ed801b3e7f0eada5eeb070c519f573ff9d8bb09ca14
SHA512

48a05089ef89cf4509a656b30045e8bd200366d09ffcd15ab92e9b1e3ee5d9395f471370670cd2eeec6dda65897f1576e4ccd9cee5bc674e85d55df47258e5a6

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

<html><body><p style="font-weight:bold;font-size:125%;top:0;left:0;"> [email protected] <br> [email protected] </p><p style="position:absolute;bottom:0;right:1%;font-weight:bold;font-size:170%">balance of shadow universe</p><div style="font-size: 550%;font-weight:bold;width:50%;height:50%;overflow:auto;margin:auto;position:absolute;top:35%;left:40%;">Ryuk</div></body></html��

Emails

[email protected]

Targets

- Target
  
  57ae2c58e9a78ce3021c7ed801b3e7f0eada5eeb070c519f573ff9d8bb09ca14
- Size
  
  171KB
- MD5
  
  643edd16a075087e1f52c90520191966
- SHA1
  
  e40f903c67de534bc0a3b0ca7bd86eed321381e6
- SHA256
  
  57ae2c58e9a78ce3021c7ed801b3e7f0eada5eeb070c519f573ff9d8bb09ca14
- SHA512
  
  48a05089ef89cf4509a656b30045e8bd200366d09ffcd15ab92e9b1e3ee5d9395f471370670cd2eeec6dda65897f1576e4ccd9cee5bc674e85d55df47258e5a6
Score

10^/10

ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2