c6a77b1b8d919e7c33670fc3bf9454b542adb1ed4081ae411622063597d4a82c | Triage

Sharing

General

Target

2024-01-10_be4d82de41c950562bf196dd324be758_ryuk
Size

5.5MB
Sample

240111-gmzh9saeb4
MD5

be4d82de41c950562bf196dd324be758
SHA1

c9c633e0fd6cbb7feb6589112386c21335190089
SHA256

c6a77b1b8d919e7c33670fc3bf9454b542adb1ed4081ae411622063597d4a82c
SHA512

ff4a51a866349c653ae7438df107241a24b2e0137b0dff04928435e3bf1df11fe0452df748e3ba5e9509f424f5b9fd4195d7b9fafc4029cb47e1cb5e6bebc2be
SSDEEP

49152:iEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1bn9tJEUxDG0BYYrLA50IHLGfP:oAI5pAdV9n9tbnR1VgBVmVrvvRe12fD

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  2024-01-10_be4d82de41c950562bf196dd324be758_ryuk
- Size
  
  5.5MB
- MD5
  
  be4d82de41c950562bf196dd324be758
- SHA1
  
  c9c633e0fd6cbb7feb6589112386c21335190089
- SHA256
  
  c6a77b1b8d919e7c33670fc3bf9454b542adb1ed4081ae411622063597d4a82c
- SHA512
  
  ff4a51a866349c653ae7438df107241a24b2e0137b0dff04928435e3bf1df11fe0452df748e3ba5e9509f424f5b9fd4195d7b9fafc4029cb47e1cb5e6bebc2be
- SSDEEP
  
  49152:iEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1bn9tJEUxDG0BYYrLA50IHLGfP:oAI5pAdV9n9tbnR1VgBVmVrvvRe12fD
Score

7^/10

spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2