General
-
Target
2023-08-27_66c766d6eb6d4b35cf5d4629ea86c046_ryuk_JC.exe
-
Size
20.8MB
-
Sample
231002-y7gydsgd28
-
MD5
66c766d6eb6d4b35cf5d4629ea86c046
-
SHA1
15d061b62aa02a288e3f6cdcfee189358d390aa3
-
SHA256
df03376691e234157541c57b8cea634eeebd1e977c31230c4dada5c3fafa2b4f
-
SHA512
61995e741c4fc6ec1a4c4cc59c0ffa2c2a4acf0fe735233a185929ed81dd1dfb9dbe8d4e691325a34e98e020142f6579cc4161e83b40227f6ff86b3de52d8c07
-
SSDEEP
98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzMe:9nwngnwnBRn
Static task
static1
Behavioral task
behavioral1
Sample
2023-08-27_66c766d6eb6d4b35cf5d4629ea86c046_ryuk_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2023-08-27_66c766d6eb6d4b35cf5d4629ea86c046_ryuk_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
Score
10/10
-
Modifies WinLogon for persistence
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-