General
-
Target
https://www.mediafire.com/file/g6gxwtcv8egpez2/%2521Dont_Forget_To_Leave_A_like_Or_Rep.zip/file
-
Sample
220823-qylk8aefhn
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\Downloads\!Dont Forget To Leave A like Or Rep\!Ultimate Checking Pack - Version 7.0\!Best Bruteforcers For Pro Crackers\Sentry MBA 1.4.1 [Bruteforcer]\ToCheck\riotgames_1518365752.txt
Family
ryuk
Ransom Note
AIl For One:AIl For One
AIl For One:AIl For One123
AbbesLuFZ:AbbesLuFZ123
Altanne:Altanne
ArgiliecCharasa:ArgiliecCharasa
ArrayEU:ArrayEU123
Ashes of Fenix:Ashes of Fenix123
BL Incidious:BL Incidious
Bammi:Bammi
Bammi:Bammi123
Bot Shacô:Bot Shacô123
Cambio De Nombre:Cambio De Nombre
Cambio De Nombre:Cambio De Nombre123
Chengy:Chengy123
Cosine:Cosine123
DarkNoodles:DarkNoodles
DatDragi:DatDragi
DrStonehoof:DrStonehoof123
Duffers:Duffers
Ethg:Ethg
Flamien:Flamien
Flashbone:Flashbone123
Færys:Færys123
Ghuntan:Ghuntan123
Give me mid pIs:Give me mid pIs
Gliedeon:Gliedeon
HDz BooLi:HDz BooLi
Hackfruchtsalat:Hackfruchtsalat
HarryTheRetard:HarryTheRetard
Hi im Yacin:Hi im Yacin123
InsaneMecaniX:InsaneMecaniX123
Jhanaa:Jhanaa123
Jmaniac2:Jmaniac2123
Kaasbomber:Kaasbomber123
KisseMisse:KisseMisse123
Klajt:Klajt
Lean EasyMac:Lean EasyMac
Lombrick:Lombrick
M Fringe:M Fringe
M1N1 GANZALEZ:M1N1 GANZALEZ123
MentalCOP:MentalCOP
Miika:Miika123
MonsieurHAZAGI:MonsieurHAZAGI
MonsterVo1com:MonsterVo1com
MyJaxInUrViJanna:MyJaxInUrViJanna123
Méllow:Méllow
NG XMisterLapinX:NG XMisterLapinX
NH Shurima:NH Shurima123
NaKï:NaKï123
NeQs:NeQs123
NoOpex:NoOpex
Pain Beurré:Pain Beurré
Perly:Perly123
RisinGHand:RisinGHand123
Ryukun37:Ryukun37
Ryukun37:Ryukun37123
Ryuseikai:Ryuseikai123
Ryze Targaryen:Ryze Targaryen123
Sabbor:Sabbor
Sabbor:Sabbor123
Scott Flynt:Scott Flynt
Shynëse:Shynëse
Shynëse:Shynëse123
SoloQ BaitMaster:SoloQ BaitMaster
SoloQ BaitMaster:SoloQ BaitMaster123
StarSaph:StarSaph
The stoned cruck:The stoned cruck123
TrashReaction:TrashReaction
VOID Spîrit:VOID Spîrit
VOID Spîrit:VOID Spîrit123
VoxsOf:VoxsOf
XizzelPewPew:XizzelPewPew123
ZaigonoxTV:ZaigonoxTV123
ZbaYlish:ZbaYlish123
acdc:acdc
acdc:acdc123
bitouille:bitouille
blackdarkside:blackdarkside
blackdarkside:blackdarkside123
dabswow:dabswow123
dignityyy:dignityyy
hide ºn bush:hide ºn bush
ilsonoita:ilsonoita
promalphite123:promalphite123
promalphite123:promalphite123123
sannerligen:sannerligen
stop feed Shaco:stop feed Shaco
xxglaederxx:xxglaederxx
xxglaederxx:xxglaederxx123
Targets
-
-
Target
https://www.mediafire.com/file/g6gxwtcv8egpez2/%2521Dont_Forget_To_Leave_A_like_Or_Rep.zip/file
Score10/10-
Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Web Service
1Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation