General
-
Target
ryuk.bin.zip
-
Size
361KB
-
Sample
230602-yq4qtseb79
-
MD5
f39378c08ea1eb2d22f41b06fb191a19
-
SHA1
151c1edf19895849ac175ceae1d92ec777d3fd97
-
SHA256
d107f2cbd1a749f79abe402eef3f71d3c0fceca69f4692908be091f044220842
-
SHA512
55d1d92b9c3a51c290184e4b79dd8e34bc7c7b0c208114d4867ce2419f1ef310416020d70d7e3571e4db30380a652f1d4f06e8428458b59702f90a0cd935760f
-
SSDEEP
6144:oLY3zeNb46fWWAodiOO8UkPzri0/Uap80vTCvzQE8SyMx7OemVdzSv8Es0lBXhhv:o8jzeDUyG07IvzQfxe5v8EZly+
Static task
static1
Behavioral task
behavioral1
Sample
ryuk.exe
Resource
win7-20230220-en
Malware Config
Extracted
C:\Users\Admin\Desktop\RyukReadMe.html
ryuk
Targets
-
Target
ryuk.bin
-
Size
548KB
-
MD5
987336d00fdbec3bcdb95b078f7de46f
-
SHA1
8bbded5710280f055bf53f9e4f6c5abb596f7899
-
SHA256
a9643eb83d509ad4eac20a2a89d8571f8d781979ad078e89f5b75b4bcb16f65e
-
SHA512
39edeaa6ec301af43886748b588dd554c5f06d9dabbaf9aa6595a216111fe2923ba8c48e177f0a9ff2b865923d1051005299946765fc303c409419d7eca6e2a3
-
SSDEEP
12288:bma40rTiKNAIRhOnloZq7St7uIUr086ah2I/0xI8QTPCXOY1LEfVUF:bH4URP0lVEO0xI8CIOIIfK
Score
10/10
-
Renames multiple (5421) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-