ffbf608aaef69e1ee53f8303c685604dd584985f809d19f6cbc914fa86b3ae66

General
Target

ffbf608aaef69e1ee53f8303c685604dd584985f809d19f6cbc914fa86b3ae66

Size

118KB

Sample

220506-sdctpacgan

Score
10/10
MD5

a31089dc3cafe77c39268273d689193b

SHA1

032e0b9a0bf012401507be974ee6bdb3e6726fd7

SHA256

ffbf608aaef69e1ee53f8303c685604dd584985f809d19f6cbc914fa86b3ae66

SHA512

d92748b34286c21f4781b147000be1b54cf57e14587517638647b8369ccd01b3ecb00545be0d87d44f9dde6b30a404db2740bf06275dea647efc33eafd65d2f4

Malware Config

Extracted

Path C:\users\Public\RyukReadMe.html
Family ryuk
Ransom Note
contact balance of shadow universe Ryuk $password = 'N2QvTsXamJ'; $torlink = 'http://zq6gyokyso6dgsxitjuk2tkq2rl4saq4tkz2idcf6z3tfondtvemshad.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};
URLs

http://zq6gyokyso6dgsxitjuk2tkq2rl4saq4tkz2idcf6z3tfondtvemshad.onion
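The Malware Config section above is the sandbox's own extraction of the note. As an added example (not part of this report, and not the sandbox's extractor), the following Python parses the same JavaScript fragment to recover the victim password and Tor contact URL, checks that the host is a well-formed v3 onion address, and flattens the result into a hunt list. The HTML wrapper around the note is constructed; the note body and the `RyukReadMe.html` path are the ones shown in this report.

```python
import re

# Note body as extracted by the sandbox, wrapped in a constructed HTML/script shell.
# Raw string so the JavaScript "\r\n" escapes stay literal, as in the note.
NOTE_HTML = r"""<html><body>contact balance of shadow universe Ryuk
<script>
$password = 'N2QvTsXamJ';
$torlink = 'http://zq6gyokyso6dgsxitjuk2tkq2rl4saq4tkz2idcf6z3tfondtvemshad.onion';
function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};
</script></body></html>"""

# A v3 onion service address is 56 base32 characters (a-z, 2-7) plus ".onion".
ONION_V3 = re.compile(r"^[a-z2-7]{56}\.onion$")

# The two JavaScript assignments the note carries: $password = '...'; $torlink = '...';
VAR_RE = r"\$%s\s*=\s*'([^']*)'"


def extract_note_config(html: str) -> dict:
    """Pull the victim password and Tor contact URL out of a Ryuk-style note.

    Raises ValueError if either variable is missing, so a changed note
    format fails loudly instead of yielding empty indicators.
    """
    password = re.search(VAR_RE % "password", html)
    torlink = re.search(VAR_RE % "torlink", html)
    if not password or not torlink:
        raise ValueError("note does not carry $password and $torlink")
    url = torlink.group(1)
    host = re.sub(r"^https?://", "", url).split("/", 1)[0]
    return {
        "password": password.group(1),
        "torlink": url,
        "onion_host": host,
        "onion_v3": bool(ONION_V3.match(host)),
    }


def indicators(config: dict, note_path: str = r"C:\users\Public\RyukReadMe.html") -> list:
    """Flatten the extracted config into (type, value) pairs for a hunt list."""
    return [
        ("file_path", note_path),
        ("url", config["torlink"]),
        ("domain", config["onion_host"]),
        ("victim_id", config["password"]),
    ]


if __name__ == "__main__":
    cfg = extract_note_config(NOTE_HTML)
    for kind, value in indicators(cfg):
        print(f"{kind:10} {value}")
```

The per-victim password is the value to pivot on when correlating notes across hosts: the onion address is shared by the campaign, while the password identifies the individual victim record on the actor's portal.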

Targets
Target

ffbf608aaef69e1ee53f8303c685604dd584985f809d19f6cbc914fa86b3ae66 (118KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General)


Signatures

  • Ryuk

    Description

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

  • Executes dropped EXE

  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

  • Checks computer location settings

    Description

    Looks up the country code configured in the registry, most likely as a geofence check before encryption.

    TTPs

    Query Registry
    System Information Discovery
  • Drops startup file

  • Modifies file permissions

    TTPs

    File Permissions Modification
  • Drops desktop.ini file(s)
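The signatures above (extension changes on user files, a dropped ransom note, dropped desktop.ini files) translate directly into host-side detection logic. The following Python is an added example, not code from this report or the sandbox; it runs over a few constructed file-event lines and scores each process on those behaviours. The log format, the process IDs and the appended `.ryk` extension are assumptions made for illustration; the ransom note path is the one the sandbox extracted for this sample.

```python
from collections import defaultdict
from datetime import datetime

# Constructed file-event lines: "<timestamp>|<pid>|<op>|<path>[|<new path>]".
# The appended ".ryk" extension and the PIDs are illustrative assumptions;
# the RyukReadMe.html path is the one the sandbox extracted for this sample.
EVENTS = r"""
2022-05-06T12:00:01|4321|RENAME|C:\Users\bob\Documents\q1.xlsx|C:\Users\bob\Documents\q1.xlsx.ryk
2022-05-06T12:00:01|4321|RENAME|C:\Users\bob\Documents\plan.docx|C:\Users\bob\Documents\plan.docx.ryk
2022-05-06T12:00:02|4321|CREATE|C:\Users\bob\Documents\desktop.ini
2022-05-06T12:00:02|4321|RENAME|C:\Users\bob\Pictures\a.jpg|C:\Users\bob\Pictures\a.jpg.ryk
2022-05-06T12:00:03|4321|CREATE|C:\users\Public\RyukReadMe.html
2022-05-06T12:00:03|4321|RENAME|C:\Users\bob\Pictures\b.jpg|C:\Users\bob\Pictures\b.jpg.ryk
2022-05-06T12:00:05|4321|RENAME|C:\Users\bob\Pictures\c.jpg|C:\Users\bob\Pictures\c.jpg.ryk
2022-05-06T12:00:07|7788|RENAME|C:\Users\bob\Desktop\draft.txt|C:\Users\bob\Desktop\final.txt
2022-05-06T12:00:09|7788|CREATE|C:\Users\bob\Desktop\notes.txt
"""

NOTE_NAME = "ryukreadme.html"   # ransom note file name from this report
RENAME_THRESHOLD = 3            # appended-extension renames needed to call it a burst
WINDOW_SECONDS = 60             # the burst must fit inside this window


def parse_events(text):
    """Yield (timestamp, pid, op, path, new_path) tuples; new_path is None for CREATE."""
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|")
        new_path = parts[4] if len(parts) > 4 else None
        yield datetime.fromisoformat(parts[0]), int(parts[1]), parts[2], parts[3], new_path


def appended_extension(old, new):
    """Return the suffix appended to the original name, or None when the rename
    is not of the form old -> old + suffix (a benign rename changes the name)."""
    if new and len(new) > len(old) and new.lower().startswith(old.lower()):
        return new[len(old):].lower()
    return None


def score_processes(text):
    """Score each PID on the behaviours listed in the report's signatures."""
    per_pid = defaultdict(lambda: {"renames": [], "exts": set(), "note": False, "ini": False})
    for ts, pid, op, path, new_path in parse_events(text):
        p = per_pid[pid]
        if op == "RENAME":
            ext = appended_extension(path, new_path)
            if ext:
                p["renames"].append(ts)
                p["exts"].add(ext)
        elif op == "CREATE":
            name = path.rsplit("\\", 1)[-1].lower()
            if name == NOTE_NAME:
                p["note"] = True
            elif name == "desktop.ini":
                p["ini"] = True

    verdicts = {}
    for pid, p in per_pid.items():
        score, reasons = 0, []
        times = sorted(p["renames"])
        burst = (len(times) >= RENAME_THRESHOLD
                 and (times[-1] - times[0]).total_seconds() <= WINDOW_SECONDS)
        # One common extension appended across many files is the encryption pattern.
        if burst and len(p["exts"]) == 1:
            score += 5
            reasons.append(f"{len(times)} files renamed with appended extension {next(iter(p['exts']))}")
        if p["note"]:
            score += 3
            reasons.append("ransom note dropped")
        if p["ini"]:
            score += 1
            reasons.append("desktop.ini dropped")
        verdicts[pid] = {"score": score, "reasons": reasons}
    return verdicts


if __name__ == "__main__":
    for pid, v in sorted(score_processes(EVENTS).items()):
        print(pid, v["score"], "; ".join(v["reasons"]) or "no ransomware indicators")
```

The rename burst carries most of the weight because it is the behaviour that is hardest for the malware to avoid; the note and desktop.ini drops are corroboration, and a process that only renames one file or that changes names rather than appending a suffix scores nothing.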

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1    10/10
behavioral2    10/10