0dfa5754bd91b3605504f8cf49d498d0e3b7ea5d0c3af20bd94eb33d6704626d | Triage

Sharing

General

Target

2023-04-25_88a230528b06c525c64b27905aef17df_ryuk
Size

3.0MB
Sample

230426-efmvsaeh68
MD5

88a230528b06c525c64b27905aef17df
SHA1

d69533af59e863787f0e914bb62c713ea3db90af
SHA256

0dfa5754bd91b3605504f8cf49d498d0e3b7ea5d0c3af20bd94eb33d6704626d
SHA512

a119918d2adcaa80700ddf2fd79d421e2c21c1a881ab1c3bd1081b602e9d97a22b73b92a0b7ad54f0c76f50727adb0a2fc9644e224b4ce2d42c6110539e814b9
SSDEEP

24576:eEtl9mRda12sX7hKB8NIyXbacAfPNRdpkhtIShJVVTyJNPtx:9Es1RMB8NIMIXDCjVyT

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  2023-04-25_88a230528b06c525c64b27905aef17df_ryuk
- Size
  
  3.0MB
- MD5
  
  88a230528b06c525c64b27905aef17df
- SHA1
  
  d69533af59e863787f0e914bb62c713ea3db90af
- SHA256
  
  0dfa5754bd91b3605504f8cf49d498d0e3b7ea5d0c3af20bd94eb33d6704626d
- SHA512
  
  a119918d2adcaa80700ddf2fd79d421e2c21c1a881ab1c3bd1081b602e9d97a22b73b92a0b7ad54f0c76f50727adb0a2fc9644e224b4ce2d42c6110539e814b9
- SSDEEP
  
  24576:eEtl9mRda12sX7hKB8NIyXbacAfPNRdpkhtIShJVVTyJNPtx:9Es1RMB8NIMIXDCjVyT
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2