16a3f436db1c927959d14daf75cf80bda4d583f429d50dbf72a5203415fa78df | Triage

Sharing

General

Target

RyuSAK-1.6.2.Setup.exe
Size

85.7MB
Sample

230314-fj44xadd67
MD5

c3f7aee30a8a374ec9d34e175b4e00c3
SHA1

a5c9ac0d289adbcafd1fff10647a40115f164d44
SHA256

16a3f436db1c927959d14daf75cf80bda4d583f429d50dbf72a5203415fa78df
SHA512

63ee86604a2d067fe2059b79f1e0ba87759493d31c9fd481404ba616d1a114b7a1131fb70cc25859dfbc391ada566e776614687f143f6ef9d312cba5003493e2
SSDEEP

1572864:DONVsmiT1o3Hn6SXrjbtJIgGMSmbCF5HE2lYAk9Os6e08p62EkWERZdjvu14ZTuk:DWFiB4H6SbAgGMSmbaHLlYDn48pNndbJ

Score

7^/10

Malware Config

Targets

- Target
  
  RyuSAK-1.6.2.Setup.exe
- Size
  
  85.7MB
- MD5
  
  c3f7aee30a8a374ec9d34e175b4e00c3
- SHA1
  
  a5c9ac0d289adbcafd1fff10647a40115f164d44
- SHA256
  
  16a3f436db1c927959d14daf75cf80bda4d583f429d50dbf72a5203415fa78df
- SHA512
  
  63ee86604a2d067fe2059b79f1e0ba87759493d31c9fd481404ba616d1a114b7a1131fb70cc25859dfbc391ada566e776614687f143f6ef9d312cba5003493e2
- SSDEEP
  
  1572864:DONVsmiT1o3Hn6SXrjbtJIgGMSmbCF5HE2lYAk9Os6e08p62EkWERZdjvu14ZTuk:DWFiB4H6SbAgGMSmbaHLlYDn48pNndbJ
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1