Overview

overview

10

Static

static

11a6f8c683...f0.exe

windows7_x64

10

11a6f8c683...f0.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0

  • Size

    122KB

  • Sample

    220305-zxyc3aahgk

  • MD5

    bd0d931b21e4d8f85cea56b3e17b5f49

  • SHA1

    e0c604bcf4dc48f5929d382f7af84b157ceb87db

  • SHA256

    11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0

  • SHA512

    a6d6f736e4b86e3544ede2b0a285639a20295de75b26b606add66504d7e238ae2439e6d9549bc0cd13cd8ff6917a481fb275761991444d70497a27c10f368d29

Score
10/10
ryukdiscoveryransomware

Malware Config

Extracted

Path

C:\MSOCache\All Users\RyukReadMe.html

Family

ryuk

Ransom Note
lpuresneko1984@protonmail.com balance of shadow universe Ryuk
Emails

lpuresneko1984@protonmail.com

Targets

    • Target

      11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0

    • Size

      122KB

    • MD5

      bd0d931b21e4d8f85cea56b3e17b5f49

    • SHA1

      e0c604bcf4dc48f5929d382f7af84b157ceb87db

    • SHA256

      11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0

    • SHA512

      a6d6f736e4b86e3544ede2b0a285639a20295de75b26b606add66504d7e238ae2439e6d9549bc0cd13cd8ff6917a481fb275761991444d70497a27c10f368d29

    Score
    10/10
    ryukdiscoveryransomware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Modifies file permissions

      discovery

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks