General
-
Target
NEAS.2023-09-06_c9209531da85731420d7fdeebedda17a_ryuk_JC.exe
-
Size
2.8MB
-
Sample
231031-tcjraacg47
-
MD5
c9209531da85731420d7fdeebedda17a
-
SHA1
6b8b922495649b0d131508b56fd9a750f7b608ee
-
SHA256
0e360bc442a2b8ea060ea8a27c5f73b2ae67325f4c2a5997d25218c69e4de1c1
-
SHA512
c06f783fe303946d1633a8936f0cb15bec9faf3eb7bec40d818e9144e44a5c2c1420733f807f61fbf42181daaa6aabb5a08894c806e1efe734ae95809d51452a
-
SSDEEP
12288:sp4pNfz3ymJnJ8QCFkxCaQTOlPes5Z76k/L/KB8NIpYJTCihq82WFpXKEVFA2MC7:eEtl9mRda12sX7hKB8NIyXbacAfu
Malware Config
Targets
-
-
Target
NEAS.2023-09-06_c9209531da85731420d7fdeebedda17a_ryuk_JC.exe
-
Size
2.8MB
-
MD5
c9209531da85731420d7fdeebedda17a
-
SHA1
6b8b922495649b0d131508b56fd9a750f7b608ee
-
SHA256
0e360bc442a2b8ea060ea8a27c5f73b2ae67325f4c2a5997d25218c69e4de1c1
-
SHA512
c06f783fe303946d1633a8936f0cb15bec9faf3eb7bec40d818e9144e44a5c2c1420733f807f61fbf42181daaa6aabb5a08894c806e1efe734ae95809d51452a
-
SSDEEP
12288:sp4pNfz3ymJnJ8QCFkxCaQTOlPes5Z76k/L/KB8NIpYJTCihq82WFpXKEVFA2MC7:eEtl9mRda12sX7hKB8NIyXbacAfu
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-