Overview

overview

10

Static

static

235ab3857b...ac.exe

windows7_x64

10

235ab3857b...ac.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    235ab3857ba2d2cd09311d6cc7bf1139863022579ea98be2b503921104ee20ac

  • Size

    129KB

  • Sample

    220220-lamfdscaeq

  • MD5

    5f7dd3740a3a4ea74e2ee234f6de26aa

  • SHA1

    d9f8eb52ce514d3dbf8f8e6a1ecb29c1dc46ea12

  • SHA256

    235ab3857ba2d2cd09311d6cc7bf1139863022579ea98be2b503921104ee20ac

  • SHA512

    8d7af1574a8c11312a7b02e4711c179b7ab9ebcaa426976368059ed97d5f438181df81058e08efcb7fac0d3c36a0c11a417c6536504f6ef2d476d144f2e9af4a

Score
10/10
ryukransomware

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note
Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation. More than a year ago, world experts recognized the impossibility of deciphering by any means except the original decoder. No decryption software is available in the public. Antiviruse companies, researchers, IT specialists, and no other persons cant help you encrypt the data. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions.Send 2 different random files and you will get it decrypted. It can be from different computers on your network to be sure that one key decrypts everything. 2 files we unlock for free To get info (decrypt your files) contact us at [email protected] or [email protected] You will receive btc address for payment in the reply letter Ryuk No system is safe

Targets

    • Target

      235ab3857ba2d2cd09311d6cc7bf1139863022579ea98be2b503921104ee20ac

    • Size

      129KB

    • MD5

      5f7dd3740a3a4ea74e2ee234f6de26aa

    • SHA1

      d9f8eb52ce514d3dbf8f8e6a1ecb29c1dc46ea12

    • SHA256

      235ab3857ba2d2cd09311d6cc7bf1139863022579ea98be2b503921104ee20ac

    • SHA512

      8d7af1574a8c11312a7b02e4711c179b7ab9ebcaa426976368059ed97d5f438181df81058e08efcb7fac0d3c36a0c11a417c6536504f6ef2d476d144f2e9af4a

    Score
    10/10
    ryukransomware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks