ryuk

General

Target

248fc2f3ee9edf8264afe74c7b2f381a3a259fb790cfdbaec90bccf7119be266
Size

149KB
Sample

220220-k8n67scacn
MD5

3159804eeee22d4b70a4b2c3249f8bed
SHA1

e7048b671e95d3927199d2529ee400ab39a1a804
SHA256

248fc2f3ee9edf8264afe74c7b2f381a3a259fb790cfdbaec90bccf7119be266
SHA512

ee0a6f9418bf786672fe4ac31b9480312c533c0e132cc61dcb8551e655ae0a768600f41098f0354794d5e6316159fe0d1ee6b140897211290632de511ab9ffdc

Score

10^/10

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note

Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation. More than a year ago, world experts recognized the impossibility of deciphering by any means except the original decoder. No decryption software is available in the public. Antiviruse companies, researchers, IT specialists, and no other persons cant help you encrypt the data. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions.Send 2 different random files and you will get it decrypted. It can be from different computers on your network to be sure that one key decrypts everything. 2 files we unlock for free To get info (decrypt your files) contact us at [email protected] or [email protected] BTC wallet: 1CbP3cgi1Bcjuz6g2Fwvk4tVhqohqAVpDQ Ryuk No system is safe

Emails

[email protected]

Wallets

1CbP3cgi1Bcjuz6g2Fwvk4tVhqohqAVpDQ

Targets

- Target
  
  248fc2f3ee9edf8264afe74c7b2f381a3a259fb790cfdbaec90bccf7119be266
- Size
  
  149KB
- MD5
  
  3159804eeee22d4b70a4b2c3249f8bed
- SHA1
  
  e7048b671e95d3927199d2529ee400ab39a1a804
- SHA256
  
  248fc2f3ee9edf8264afe74c7b2f381a3a259fb790cfdbaec90bccf7119be266
- SHA512
  
  ee0a6f9418bf786672fe4ac31b9480312c533c0e132cc61dcb8551e655ae0a768600f41098f0354794d5e6316159fe0d1ee6b140897211290632de511ab9ffdc
Score

10^/10

ryuk persistence ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2