af5169631789347e6884a5402a945d7eac6d07784a79caf858ab59c8e2201e8b

General
Target

af5169631789347e6884a5402a945d7eac6d07784a79caf858ab59c8e2201e8b

Size

120KB

Sample

220306-cw9y5shgg3

Score
10 /10
MD5

d06b3960bbb5b12b3b5827296d6551db

SHA1

58c0a54b4c6dd1f616631ffd973a54ee77b50c55

SHA256

af5169631789347e6884a5402a945d7eac6d07784a79caf858ab59c8e2201e8b

SHA512

e40bc6aab4fa50543f649879aa0ecd200a60e305057cf32671067377d0c027b869bcbbf28e02e408d9ec77f6ed058f6a70cf68849eda8cef67281d3717ee75f0

Malware Config

Extracted

Path C:\$Recycle.Bin\RyukReadMe.html
Family ryuk
Ransom Note
apmasampbubb1977@protonmail.com balance of shadow universe Ryuk
Emails

apmasampbubb1977@protonmail.com

Targets
Target

af5169631789347e6884a5402a945d7eac6d07784a79caf858ab59c8e2201e8b

MD5

d06b3960bbb5b12b3b5827296d6551db

Filesize

120KB

Score
10/10
SHA1

58c0a54b4c6dd1f616631ffd973a54ee77b50c55

SHA256

af5169631789347e6884a5402a945d7eac6d07784a79caf858ab59c8e2201e8b

SHA512

e40bc6aab4fa50543f649879aa0ecd200a60e305057cf32671067377d0c027b869bcbbf28e02e408d9ec77f6ed058f6a70cf68849eda8cef67281d3717ee75f0

Tags

Signatures

  • Ryuk

    Description

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    Tags

  • Modifies file permissions

    Tags

    TTPs

    File Permissions Modification
  • Drops desktop.ini file(s)

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        behavioral1

                        10/10

                        behavioral2

                        10/10