General

  • Target

    2023-08-26_935dca28b75260dbc425cae43d4404e5_ryuk_JC.exe

  • Size

    6.2MB

  • Sample

    231011-m5jhnacc37

  • MD5

    935dca28b75260dbc425cae43d4404e5

  • SHA1

    d7a88528dd33080665efa9282796241e83d94c1a

  • SHA256

    251cb2185e95fee208592ee4a441c317e938a14610e627fdba5bf5893bf9b189

  • SHA512

    0a89ea5cb8b18688e4ac10a3f9c59522d4abbd43c5b52fa563c1536976693afb65ac283ef3dcca5d8648f768966c62a856eb91d048b64c6ba9d110a74260206f

  • SSDEEP

    98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzMQ:9n6

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks