General
- Target: 0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09.bin.sample.exe
- Size: 885KB
- Sample: 230309-wzyvtsbc7t
- MD5: 6a5bf25ff4f72ebca91280ffda057260
- SHA1: 722063331acdbfc93ccbfacbec045800a835dd9e
- SHA256: 0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09
- SHA512: 64d6f8fe84882bb5b835388461e2f662d58b8b69ca6314869e4e4bd29496f4ae2d2bda5afa82cbfc6a29d563368343da1b19431fc24ec5261618a424543bce42
- SSDEEP: 12288:Qm+PiUwyM02Jl5YqWYgeWYg955/155/0QebUlAAsrsKCQoZRn6X:Q5iUtklagQKUKRrsKCQON6
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09.bin.sample.exe
  - Resource: win7-20230220-en

Behavioral task
- behavioral2
  - Sample: 0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09.bin.sample.exe
  - Resource: win10v2004-20230220-en
Malware Config
- Extracted: C:\ProgramData\RyukReadMe.txt
Targets
- Target: 0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09.bin.sample.exe
- Size: 885KB
- MD5: 6a5bf25ff4f72ebca91280ffda057260
- SHA1: 722063331acdbfc93ccbfacbec045800a835dd9e
- SHA256: 0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09
- SHA512: 64d6f8fe84882bb5b835388461e2f662d58b8b69ca6314869e4e4bd29496f4ae2d2bda5afa82cbfc6a29d563368343da1b19431fc24ec5261618a424543bce42
- SSDEEP: 12288:Qm+PiUwyM02Jl5YqWYgeWYg955/155/0QebUlAAsrsKCQoZRn6X:Q5iUtklagQKUKRrsKCQON6
- Score: 10/10

Signatures
- Clears Windows event logs
- Modifies boot configuration data using bcdedit
- Disables Task Manager via registry modification
- Disables taskbar notifications via registry modification
- Disables use of System Restore points
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Modifies file permissions
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.