General
Target: f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea.exe
Size: 885KB
Sample: 221218-xlxahsdd38
MD5: 154b73d0a7aa19df12364a78b235f29f
SHA1: 5e39ad8cd8f05d29b7587a876c318be5c0511dcc
SHA256: f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea
SHA512: bf32fb8e846170bb5f2c9505e5577e5d3b31f3f9a43030b5f3268d66f3d11f3c983b231742f0d51488c4a288639c0d9e91a911fec0b016d54047e582695a98e0
SSDEEP: 12288:D/2O9w8wycU2JlJYqWYgeWYg955/155/0QebUlAAsjsKqgo7Rn6X:DbC8tUlqgQKUKRjsKqgQN6
Static task: static1
Behavioral task: behavioral1
  Sample: f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted from C:\ProgramData\RyukReadMe.txt:
  scorpion1408@mailfence.com
  scorpion1408@cyberfear.com
Targets
Target: f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea.exe (885KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Clears Windows event logs
- Modifies boot configuration data using bcdedit
- Disables Task Manager via registry modification
- Disables taskbar notifications via registry modification
- Disables use of System Restore points
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Modifies file permissions
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (numbers in parentheses are the per-technique counts shown in the report)
Collection: none listed
Command and Control: none listed
Credential Access: none listed
Defense Evasion: Indicator Removal on Host (1), File Deletion (3), Hidden Files and Directories (1), File Permissions Modification (1)
Discovery: Query Registry (2), System Information Discovery (3), Peripheral Device Discovery (1)
Execution: Command-Line Interface (1)
Exfiltration: none listed
Initial Access: none listed
Lateral Movement: none listed
Persistence: Scheduled Task (1)
Privilege Escalation: