General
-
Target
0x0008000000022e2c-134.dat
-
Size
170KB
-
Sample
220820-l5g46acgd8
-
MD5
31bd0f224e7e74eee2847f43aae23974
-
SHA1
92e331e1e8ad30538f38dd7ba31386afafa14a58
-
SHA256
8b0a5fb13309623c3518473551cb1f55d38d8450129d4a3c16b476f7b2867d7d
-
SHA512
a13f05a12b084ef425f542ff4be824bbccb5dbdfe085af8b7e19d81a6bcba4b8c1debcc38f6b57bc9265a4db21eed70852ece8cc62b3ef14c47fca3035a55249
-
SSDEEP
3072:2qeriftL/WSo1vDb53j/8WGUzaqVh4LI8zQpn:2trA/WSo1rl3ALrlHQpn
Static task
static1
Behavioral task
behavioral1
Sample
0x0008000000022e2c-134.exe
Resource
win7-20220812-en
Malware Config
Extracted
C:\RyukReadMe.txt
ryuk
14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk
Targets
-
-
Target
0x0008000000022e2c-134.dat
-
Size
170KB
-
MD5
31bd0f224e7e74eee2847f43aae23974
-
SHA1
92e331e1e8ad30538f38dd7ba31386afafa14a58
-
SHA256
8b0a5fb13309623c3518473551cb1f55d38d8450129d4a3c16b476f7b2867d7d
-
SHA512
a13f05a12b084ef425f542ff4be824bbccb5dbdfe085af8b7e19d81a6bcba4b8c1debcc38f6b57bc9265a4db21eed70852ece8cc62b3ef14c47fca3035a55249
-
SSDEEP
3072:2qeriftL/WSo1vDb53j/8WGUzaqVh4LI8zQpn:2trA/WSo1rl3ALrlHQpn
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Adds Run key to start application
-