ryuk | 8da85cb00f7ba5e8c23b058d31a4b169c18936a8f7181015ce27e871d8b8cccd | Triage

Sharing

General

Target

8da85cb00f7ba5e8c23b058d31a4b169c18936a8f7181015ce27e871d8b8cccd_JC.exe
Size

203KB
Sample

230813-l4jxcscg81
MD5

4f707c67968a14d08cc42958d5341707
SHA1

accf64200195ef1ca9c7f497508c4bfb4e18da41
SHA256

8da85cb00f7ba5e8c23b058d31a4b169c18936a8f7181015ce27e871d8b8cccd
SHA512

9790ab884d3d43f23005a2085b3b320f9bf2ce8ccffd4476ea0b8f2a49cce11c6a61f3ed061d4fa759c167fd6728d890363a148c731251abfdab2bace96432ed
SSDEEP

3072:6qUhUhEnI2XCIaxTrjCgmQ8GiVDswVAETR:bUWEIKXwr2OmA

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\Profiles\RyukReadMe.html

Family

ryuk

Ransom Note

[email protected] [email protected] balance of shadow universe Ryuk

Emails

[email protected]

[email protected]

Targets

- Target
  
  8da85cb00f7ba5e8c23b058d31a4b169c18936a8f7181015ce27e871d8b8cccd_JC.exe
- Size
  
  203KB
- MD5
  
  4f707c67968a14d08cc42958d5341707
- SHA1
  
  accf64200195ef1ca9c7f497508c4bfb4e18da41
- SHA256
  
  8da85cb00f7ba5e8c23b058d31a4b169c18936a8f7181015ce27e871d8b8cccd
- SHA512
  
  9790ab884d3d43f23005a2085b3b320f9bf2ce8ccffd4476ea0b8f2a49cce11c6a61f3ed061d4fa759c167fd6728d890363a148c731251abfdab2bace96432ed
- SSDEEP
  
  3072:6qUhUhEnI2XCIaxTrjCgmQ8GiVDswVAETR:bUWEIKXwr2OmA
Score

10^/10

ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2