a16bdded38087cd572f99c83b202f52320da42e15ca5f1d14b62eb3445e1ab67 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-04-24_ad8e2594b7bcba48e7cb4eaaea3c8245_ryuk
Size

3.2MB
Sample

230426-ed8z8sgg3y
MD5

ad8e2594b7bcba48e7cb4eaaea3c8245
SHA1

96920a497b9b53f56db208f2af5535266f8a0c4d
SHA256

a16bdded38087cd572f99c83b202f52320da42e15ca5f1d14b62eb3445e1ab67
SHA512

93aafb1d788a1825a0018c5c736198add5727b878745f406fd0dc1da1be1665d924719a0ee7faf3dc654a31af6dcba0cb715d0da90c137333eeec894adc1f275
SSDEEP

12288:sp4pNfz3ymJnJ8QCFkxCaQTOlPes5Z76k/L/KB8NIpYJTCihq82WFpXKEVFA2MCO:eEtl9mRda12sX7hKB8NIyXbacAfB

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  2023-04-24_ad8e2594b7bcba48e7cb4eaaea3c8245_ryuk
- Size
  
  3.2MB
- MD5
  
  ad8e2594b7bcba48e7cb4eaaea3c8245
- SHA1
  
  96920a497b9b53f56db208f2af5535266f8a0c4d
- SHA256
  
  a16bdded38087cd572f99c83b202f52320da42e15ca5f1d14b62eb3445e1ab67
- SHA512
  
  93aafb1d788a1825a0018c5c736198add5727b878745f406fd0dc1da1be1665d924719a0ee7faf3dc654a31af6dcba0cb715d0da90c137333eeec894adc1f275
- SSDEEP
  
  12288:sp4pNfz3ymJnJ8QCFkxCaQTOlPes5Z76k/L/KB8NIpYJTCihq82WFpXKEVFA2MCO:eEtl9mRda12sX7hKB8NIyXbacAfB
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2