Extracted

• • Target

    0cf36731f5b8651d53fc651607c3fccac24b631c08dca4493d8e07d2fbff1db3.zip

  • Size

    66KB

  • MD5

    cb3303dd1a4616b0b63e352aa1b15b8b

  • SHA1

    6958ee2a38f70ab36cc7178d019d85ffc90761e1

  • SHA256

    c37587ff49bdaa6f13cddab42cc9799b21ef27265c7cf60fdca97e68fbb1a542

  • SHA512

    ad2b13045a1f51e2b67a30f6ff520da3a5615019b37ad7bb17c1287e70102df78983ddd660eb54ce7cc034b656a913aca2eabbc05e03802453a178bc49be0966

  • SSDEEP

    1536:cPdYiEO1nNiO68xVNlJ5zkufsA4YKjKxoqFF0QwzTpFzpm:clYx0NiOhwVnYBUtLzpm

  Score

  1^/10
  behavioral1behavioral2

• • Target

    0cf36731f5b8651d53fc651607c3fccac24b631c08dca4493d8e07d2fbff1db3.exe

  • Size

    167KB

  • MD5

    2209710b3ba686e5cbd8716df05c5174

  • SHA1

    31675cb6cd22911f1e343b046f7b27219e55dadc

  • SHA256

    0cf36731f5b8651d53fc651607c3fccac24b631c08dca4493d8e07d2fbff1db3

  • SHA512

    0abfe5bc5fc7ce050658fb007361994d7df53844c1bbb7f176ee06de1f5fda8d87a93f46800ac33092763d181dd97fa89a987b350d9aa372550b67ca10413e27

  • SSDEEP

    3072:yzWPZc7KwohIG/Qe1F7VIP60hiEOX3Sli:0WumVhIGoe/Aq

  Score

  10^/10

  ryukransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Drops desktop.ini file(s)

  behavioral3behavioral4