General

  • Target

    MTM4OWYz.exe

  • Size

    127KB

  • Sample

    230523-t84rbsgb99

  • MD5

    e8673c8a299d1647ead6f3da4565ac54

  • SHA1

    71015f9c281038d63bf7cd45894550c1a26c6b53

  • SHA256

    d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe

  • SHA512

    90ad0b12c8de7e22c997f5bfb84f558f7cfd78a1edffdbe45547f545113d7b01077dc5962f3f941e383de390cf946405fd73d890ac9059b8f5a4d491297a72dc

  • SSDEEP

    3072:W/SfjQAr839SVK+DM590tfXQpr8WbkPnkaT3Tb0b:ySfjQAY39SVK+DM0tfXQfqv0

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note

izviawirto1982@protonmail.com balance of shadow universe Ryuk
Emails

izviawirto1982@protonmail.com
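The hashes, note path and contact address above are the indicators a responder would want to carry into a blocklist or a hunt. The following Python script is an added example, not part of the sandbox report or the Ryuk sample: it parses this report's own "label, blank line, value" layout into a dictionary, rejects digests that are not hex of the expected length (a truncated or mangled hash silently matches nothing), flattens the result into typed indicators, and hashes a candidate file against them. The embedded REPORT_TEXT is a constructed copy of the General and Malware Config blocks so the script runs offline; the label set and IOC type names are this example's own convention.

```python
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed sample input: the "General" and "Malware Config" blocks of the
# report above, pasted in the report's own layout so the parser runs offline.
REPORT_TEXT = """General

  • Target

    MTM4OWYz.exe

  • Size

    127KB

  • MD5

    e8673c8a299d1647ead6f3da4565ac54

  • SHA1

    71015f9c281038d63bf7cd45894550c1a26c6b53

  • SHA256

    d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe

  • SHA512

    90ad0b12c8de7e22c997f5bfb84f558f7cfd78a1edffdbe45547f545113d7b01077dc5962f3f941e383de390cf946405fd73d890ac9059b8f5a4d491297a72dc

Malware Config

Extracted

Path

C:\\users\\Public\\RyukReadMe.html

Family

ryuk

Emails

izviawirto1982@protonmail.com
"""

# Labels whose value is the next non-empty line in the report layout (this
# example's own list, chosen from the labels the report uses).
LABELS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512",
          "SSDEEP", "Path", "Family", "Emails"}
# Hex digit count per digest; anything else is a truncated or mangled IOC.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report(text: str) -> Dict[str, str]:
    """Map each known label to the first non-empty line that follows it.

    Bullets and indentation are stripped so bulleted ("• MD5") and bare
    ("Family") labels are handled alike. Only the first occurrence of a label
    is kept, so a repeated hash block later in a report changes nothing.
    """
    lines = [ln.strip().lstrip("•").strip() for ln in text.splitlines()]
    fields: Dict[str, str] = {}
    for idx, line in enumerate(lines):
        if line in LABELS and line not in fields:
            value = next((nxt for nxt in lines[idx + 1:] if nxt), None)
            if value is not None and value not in LABELS:
                fields[line] = value
    return fields


def valid_hashes(fields: Dict[str, str]) -> Dict[str, str]:
    """Keep only digests that are hex of the expected length, lowercased."""
    out: Dict[str, str] = {}
    for name, length in HASH_LENGTHS.items():
        value = fields.get(name, "").lower()
        if re.fullmatch(r"[0-9a-f]{%d}" % length, value):
            out[name] = value
    return out


def to_iocs(fields: Dict[str, str]) -> List[Tuple[str, str]]:
    """Flatten the parsed report into (type, value) indicators for a blocklist."""
    iocs = [(f"file:{name.lower()}", value)
            for name, value in valid_hashes(fields).items()]
    if "Path" in fields:
        iocs.append(("file:path", fields["Path"]))
    if "Emails" in fields:
        iocs.append(("email", fields["Emails"].lower()))
    return iocs


def matches_sample(data: bytes, iocs: List[Tuple[str, str]]) -> List[str]:
    """Hash a file's bytes with every digest the IOC set carries; return the hits."""
    wanted = {t.split(":")[1]: v for t, v in iocs
              if t.startswith("file:") and t != "file:path"}
    return [name for name, digest in wanted.items()
            if hashlib.new(name, data).hexdigest() == digest]


if __name__ == "__main__":
    parsed = parse_report(REPORT_TEXT)
    for ioc in to_iocs(parsed):
        print(ioc)
    print("hits:", matches_sample(b"some file under investigation", to_iocs(parsed)))
```

Matching on all four digests rather than MD5 alone costs nothing and survives a feed that carries only one of them; a file whose bytes differ by even one byte from the sample will produce no hit, which is why the fuzzy SSDEEP value in the report is the indicator to reach for when hunting repacked variants.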

Targets

    • Target

      MTM4OWYz.exe

    • Ryuk

      Ransomware typically delivered onto hosts already compromised by a botnet, most commonly TrickBot or Emotet.

    • Renames multiple (62) files with added filename extension

      Appending an extension to 62 existing files while keeping their original names is consistent with ransomware encrypting files in bulk on the system.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely a geofence check that decides whether the payload runs on this host.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions
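The "renames multiple files with added filename extension" signature above is a behavioural heuristic rather than an indicator, so it carries over to variants with new hashes. The Python below is an added example, not code from the sandbox or from this report: it runs that heuristic over constructed file-rename telemetry, grouping renames by process and by the extension that was appended, and fires only when one process appends the same extension to at least a threshold number of files while leaving the original names intact. The events, process ids, the ".locked" extension and the threshold of 10 are all constructed for illustration; the report's sandbox counted 62 renames, and the detection does not depend on which extension the sample uses.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class RenameEvent:
    """One file-rename event as a host agent might report it (constructed shape)."""
    pid: int
    process: str
    old_path: str
    new_path: str


# Constructed sample telemetry (not from the report): the sample process appends
# a made-up ".locked" extension to a dozen documents; explorer.exe and msiexec.exe
# perform ordinary renames that must not trigger the detection.
EVENTS: List[RenameEvent] = [
    RenameEvent(4242, "MTM4OWYz.exe",
                rf"C:\Users\alice\Documents\report{i}.docx",
                rf"C:\Users\alice\Documents\report{i}.docx.locked")
    for i in range(12)
] + [
    RenameEvent(1337, "explorer.exe", r"C:\Users\alice\Desktop\notes.txt",
                r"C:\Users\alice\Desktop\notes-final.txt"),
    RenameEvent(2001, "msiexec.exe", r"C:\Windows\Temp\setup.tmp",
                r"C:\Windows\Temp\setup.exe"),
    RenameEvent(1337, "explorer.exe", r"C:\Users\alice\Desktop\a.txt",
                r"C:\Users\alice\Desktop\a.txt.bak"),
]


def appended_extension(old_path: str, new_path: str) -> Optional[str]:
    """Return the extension appended by a rename, or None if it is not that shape.

    'report.docx' -> 'report.docx.locked' yields '.locked'; 'setup.tmp' ->
    'setup.exe' (extension replaced) and renames across directories yield None.
    ntpath is used so Windows paths split correctly on any analysis host.
    """
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    suffix = new_name[len(old_name):]
    # Accept a single short extension only; anything else is not the pattern.
    if not re.fullmatch(r"\.[A-Za-z0-9_-]{1,16}", suffix):
        return None
    return suffix.lower()


def detect_mass_rename(events: List[RenameEvent],
                       threshold: int = 10) -> Dict[Tuple[int, str, str], List[str]]:
    """Group appended-extension renames by (pid, process, extension).

    Returns only groups with at least `threshold` distinct renamed files, so a
    user renaming one file to .bak never fires while a bulk encryptor does.
    """
    groups: Dict[Tuple[int, str, str], set] = defaultdict(set)
    for ev in events:
        ext = appended_extension(ev.old_path, ev.new_path)
        if ext:
            groups[(ev.pid, ev.process, ext)].add(ev.new_path)
    return {key: sorted(paths) for key, paths in groups.items()
            if len(paths) >= threshold}


if __name__ == "__main__":
    for (pid, proc, ext), paths in detect_mass_rename(EVENTS).items():
        print(f"pid {pid} ({proc}) appended {ext} to {len(paths)} files")
```

Keying the grouping on the appended extension is what keeps the false-positive rate low: backup tools and editors do append suffixes, but to one or two files at a time, whereas an encryptor applies the same suffix to every file it touches. In production the threshold would be tuned against the host's normal rename volume and paired with the other behaviours in this report, such as the note dropped at C:\users\Public\RyukReadMe.html and the permission changes.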
