General

  • Target

    2023-08-26_c5a29aa5ebc78833d9f3e3b95cd6caf1_ryuk_JC.exe

  • Size

    7.8MB

  • Sample

    231011-f7lx8sec23

  • MD5

    c5a29aa5ebc78833d9f3e3b95cd6caf1

  • SHA1

    b24bce3d9dc701cb97e7b7f53fa7adc2541c67e0

  • SHA256

    e7b66e92977c0f7c701b7a69cd0e8e149afd423e85afe118048eba0c0492e724

  • SHA512

    9b0dfcdc47dbf4415f62f2c6fd9bf6db2d6d6f4d1fd28f877043f707cc28503b2971555ea8c1fb6a8240264e54b7d0c7366abd7e3809fd2159b6805f2e6d0641

  • SSDEEP

    98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzM5:9nwnE

Score
10/10

Malware Config

Targets

    • Target

      2023-08-26_c5a29aa5ebc78833d9f3e3b95cd6caf1_ryuk_JC.exe

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks