General
-
Target
775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6
-
Size
885KB
-
Sample
221020-s4bz3scag9
-
MD5
a650d5676dc2c91a3af2216044ddaf8c
-
SHA1
851eea629fda6f930ebfd7ac45de5e8bc3f506b5
-
SHA256
775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6
-
SHA512
463c54b4fc50ccfe889ab797339afa3f9096c53f8e551a616829b655f218238f53fc9aa9e6908675fed6be8883a555831af4ae1cc348eb80e937f27b34c760c7
-
SSDEEP
12288:q/2O9w8wycU2JlJYqWYgeWYg955/155/0QebUlAAsjsKqgooRn6X:qbC8tUlqgQKUKRjsKqgbN6
Static task
static1
Behavioral task
behavioral1
Sample
775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
C:\ProgramData\RyukReadMe.txt
Targets
-
-
Target
775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6
-
Score
10/10
-
Clears Windows event logs
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Disables taskbar notifications via registry modification
-
Disables use of System Restore points
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-