General

  • Target

    2023-08-27_3cd5cf8ab4117e1d467955ea04c55995_ryuk_JC.exe

  • Size

    4.2MB

  • Sample

    231002-wba4vsdc81

  • MD5

    3cd5cf8ab4117e1d467955ea04c55995

  • SHA1

    0b5e28ff3f88ed732270edb464342e5ee510cf07

  • SHA256

    217752e3968bb16891f7b5414f983d1369f4de3ec95b077c494e6bf474b0984a

  • SHA512

    2186c710b260241e17aa3b4e31a3f0573c64732de376be3cf9428bfa00b6a33abf7526495dc4e972f03c7d8be8e813cee8d80086806d665581dab58ad6a05707

  • SSDEEP

    98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzMt:9nH

Score
10/10

Targets

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
