General

  • Target

    RYUK RANSOMWARE.bin

  • Size

    205KB

  • Sample

    231109-p2vgvshd4x

  • MD5

    881db1945686533f06f6626da444a7b5

  • SHA1

    776fff17a531a374d13a9e267db764e3463a4cfc

  • SHA256

    c85fec6ed44bdfd54c5f37190ffad38919640064ce718045e228dca65f74ec7b

  • SHA512

    639d684ab5a15a23355577d0c0e6cab29fe66596af5c5644a4fb258c3f65324c94f4c5fc4f76c7b7ac2ff0f15ffc69e98c279f59e8897e3db4e3ffaee2e96af6

  • SSDEEP

    3072:30imLeE+6Kiei4VrJo6lxPJUVjIMaNhUv:LE+6Kt53oExlNh

Score
10/10

Malware Config

Extracted

Path

C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\Profiles\RyukReadMe.html

Family

ryuk

Ransom Note
[email protected] [email protected] balance of shadow universe Ryuk

Targets

    • Target

      RYUK RANSOMWARE.bin

    • Size

      205KB

    • MD5

      881db1945686533f06f6626da444a7b5

    • SHA1

      776fff17a531a374d13a9e267db764e3463a4cfc

    • SHA256

      c85fec6ed44bdfd54c5f37190ffad38919640064ce718045e228dca65f74ec7b

    • SHA512

      639d684ab5a15a23355577d0c0e6cab29fe66596af5c5644a4fb258c3f65324c94f4c5fc4f76c7b7ac2ff0f15ffc69e98c279f59e8897e3db4e3ffaee2e96af6

    • SSDEEP

      3072:30imLeE+6Kiei4VrJo6lxPJUVjIMaNhUv:LE+6Kt53oExlNh

    Score
    10/10
    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks