General
-
Target
0cf36731f5b8651d53fc651607c3fccac24b631c08dca4493d8e07d2fbff1db3.zip
-
Size
66KB
-
Sample
230317-nhbd7shh9w
-
MD5
cb3303dd1a4616b0b63e352aa1b15b8b
-
SHA1
6958ee2a38f70ab36cc7178d019d85ffc90761e1
-
SHA256
c37587ff49bdaa6f13cddab42cc9799b21ef27265c7cf60fdca97e68fbb1a542
-
SHA512
ad2b13045a1f51e2b67a30f6ff520da3a5615019b37ad7bb17c1287e70102df78983ddd660eb54ce7cc034b656a913aca2eabbc05e03802453a178bc49be0966
-
SSDEEP
1536:cPdYiEO1nNiO68xVNlJ5zkufsA4YKjKxoqFF0QwzTpFzpm:clYx0NiOhwVnYBUtLzpm
Static task
static1
Behavioral task
behavioral1
Sample
0cf36731f5b8651d53fc651607c3fccac24b631c08dca4493d8e07d2fbff1db3.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
0cf36731f5b8651d53fc651607c3fccac24b631c08dca4493d8e07d2fbff1db3.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\RyukReadMe.txt
ryuk
Targets
-
-
Target
0cf36731f5b8651d53fc651607c3fccac24b631c08dca4493d8e07d2fbff1db3.exe
-
Size
167KB
-
MD5
2209710b3ba686e5cbd8716df05c5174
-
SHA1
31675cb6cd22911f1e343b046f7b27219e55dadc
-
SHA256
0cf36731f5b8651d53fc651607c3fccac24b631c08dca4493d8e07d2fbff1db3
-
SHA512
0abfe5bc5fc7ce050658fb007361994d7df53844c1bbb7f176ee06de1f5fda8d87a93f46800ac33092763d181dd97fa89a987b350d9aa372550b67ca10413e27
-
SSDEEP
3072:yzWPZc7KwohIG/Qe1F7VIP60hiEOX3Sli:0WumVhIGoe/Aq
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Drops desktop.ini file(s)
-