General

  • Target

    2023-08-26_42a8075e5d341bcd1d20c7d3eadff950_ryuk_JC.exe

  • Size

    18.5MB

  • Sample

    231012-bs821ahg54

  • MD5

    42a8075e5d341bcd1d20c7d3eadff950

  • SHA1

    094fb48ecebd5ce3aef3d142d745c24182b171f5

  • SHA256

    89286fede4f926ec8869703329899f4c17fdd7a812943d740d6077a5f2575daa

  • SHA512

    782fb809754b030e52485ed62fddb26b1d875f622c22d620b4dcfeb542b36b17c545457e6aaa9be25e4d48dcb58000b6c0f1f7961297d76a8fbc3f1c22ffbb19

  • SSDEEP

    98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzMt:9nwngnwnQ

Score
10/10

Malware Config

Targets

    Score
    10/10

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks