ryuk | 4bc246545a0d8352ed566c890ff3a12ea783fd9baeaa3a18ad5c2b56d4c5f29e | Triage

Sharing

General

Target

RyukReadMe.html
Size

627B
Sample

220620-gredwsgdhm
MD5

2fd0b98a0f84fcedc9a30b88ae1124c5
SHA1

2c687b9de9085c2bbdc1ff445e50c451bae01129
SHA256

4bc246545a0d8352ed566c890ff3a12ea783fd9baeaa3a18ad5c2b56d4c5f29e
SHA512

9962b21c25727fc6f6fded2713c6b7459a5fa7cd4cff7c11a290875aa3ef34725b94800328d8c28885ddbded060879b4933d322b356dd7ffb43ba4716a49eb01

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Family

ryuk

Ransom Note

[email protected] balance of shadow universe Ryuk

Emails

[email protected]

Targets

- Target
  
  RyukReadMe.html
- Size
  
  627B
- MD5
  
  2fd0b98a0f84fcedc9a30b88ae1124c5
- SHA1
  
  2c687b9de9085c2bbdc1ff445e50c451bae01129
- SHA256
  
  4bc246545a0d8352ed566c890ff3a12ea783fd9baeaa3a18ad5c2b56d4c5f29e
- SHA512
  
  9962b21c25727fc6f6fded2713c6b7459a5fa7cd4cff7c11a290875aa3ef34725b94800328d8c28885ddbded060879b4933d322b356dd7ffb43ba4716a49eb01
Score

10^/10

ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2