ryuk | 11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0 | Triage

Sharing

General

Target

11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0
Size

122KB
Sample

220305-zxyc3aahgk
MD5

bd0d931b21e4d8f85cea56b3e17b5f49
SHA1

e0c604bcf4dc48f5929d382f7af84b157ceb87db
SHA256

11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0
SHA512

a6d6f736e4b86e3544ede2b0a285639a20295de75b26b606add66504d7e238ae2439e6d9549bc0cd13cd8ff6917a481fb275761991444d70497a27c10f368d29

Score

10^/10

ryuk discovery ransomware

Malware Config

Extracted

Path

C:\MSOCache\All Users\RyukReadMe.html

Family

ryuk

Ransom Note

[email protected] balance of shadow universe Ryuk

Emails

[email protected]

Targets

- Target
  
  11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0
- Size
  
  122KB
- MD5
  
  bd0d931b21e4d8f85cea56b3e17b5f49
- SHA1
  
  e0c604bcf4dc48f5929d382f7af84b157ceb87db
- SHA256
  
  11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0
- SHA512
  
  a6d6f736e4b86e3544ede2b0a285639a20295de75b26b606add66504d7e238ae2439e6d9549bc0cd13cd8ff6917a481fb275761991444d70497a27c10f368d29
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ryukdiscoveryransomware

behavioral2

ryukdiscoveryransomware