General
-
Target
2023-08-26_efb6199b2d91dc194d6602abe0554797_ryuk_JC.exe
-
Size
20.8MB
-
Sample
231001-zx219afc78
-
MD5
efb6199b2d91dc194d6602abe0554797
-
SHA1
3f161d997a45b224ba083e97f6e09082e487e009
-
SHA256
cd184bfbd69579b92d2e8536af03917c16ed65f975454bade24dc8ea5147dc07
-
SHA512
69a10d08660e933f050fdec5d51d48938693a4bd1cd84f6c2e41a3334a4b6e6acf969a7f2abe2b14badbe3f9bbc8e1d4febd22db33449eaa7bc9b45a58d18f5d
-
SSDEEP
98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzMM:9nwngnwnBR/
Malware Config
Targets
-
-
Target
2023-08-26_efb6199b2d91dc194d6602abe0554797_ryuk_JC.exe
-
Size
20.8MB
-
MD5
efb6199b2d91dc194d6602abe0554797
-
SHA1
3f161d997a45b224ba083e97f6e09082e487e009
-
SHA256
cd184bfbd69579b92d2e8536af03917c16ed65f975454bade24dc8ea5147dc07
-
SHA512
69a10d08660e933f050fdec5d51d48938693a4bd1cd84f6c2e41a3334a4b6e6acf969a7f2abe2b14badbe3f9bbc8e1d4febd22db33449eaa7bc9b45a58d18f5d
-
SSDEEP
98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzMM:9nwngnwnBR/
Score10/10-
Modifies WinLogon for persistence
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-