General
-
Target
NEAS.2023-09-06_595dee42312bb9a1844925b714b60fad_ryuk_JC.exe
-
Size
20.8MB
-
Sample
231023-trljesab6v
-
MD5
595dee42312bb9a1844925b714b60fad
-
SHA1
cd59e8de6b3bc53ad75b20819fa7dff189fa28e2
-
SHA256
925f82f1567ac60bd080aa23c22894e625fc496f5e0d74df9d8eb25f160420dc
-
SHA512
9744cc334d0bb01daa8e2009ba0372fc4b92c85364aeb151afedc0bc7782be9636112fccce393fad56f9ef854fc39058121120c7d9f2f82fcf9b1738a68ef268
-
SSDEEP
98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzMf:9nwngnwnBRm
Malware Config
Targets
-
-
Target
NEAS.2023-09-06_595dee42312bb9a1844925b714b60fad_ryuk_JC.exe
-
Size
20.8MB
-
MD5
595dee42312bb9a1844925b714b60fad
-
SHA1
cd59e8de6b3bc53ad75b20819fa7dff189fa28e2
-
SHA256
925f82f1567ac60bd080aa23c22894e625fc496f5e0d74df9d8eb25f160420dc
-
SHA512
9744cc334d0bb01daa8e2009ba0372fc4b92c85364aeb151afedc0bc7782be9636112fccce393fad56f9ef854fc39058121120c7d9f2f82fcf9b1738a68ef268
-
SSDEEP
98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzMf:9nwngnwnBRm
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (711) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-