2024-01-11_9117f09af0521f1eaa4d8a915a4c201b_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-11_9117f09af0521f1eaa4d8a915a4c201b_ryuk
Size

1.6MB
MD5

9117f09af0521f1eaa4d8a915a4c201b
SHA1

9751d35c4709f5435cd2f0723b06d14455c23894
SHA256

fbaf41484230b189c68adbd6cfec00f6d95d3d63e979918943fd5d6cbf5f7c3e
SHA512

3fd45fb01bcfaef95eca420f67b09e85b7319016c99ed406c8994ad1af9071139bb53ec3b2ea73d091787c89b600b73ff6bf184d2985610352aba434c6143ecd
SSDEEP

24576:+aBzZPJkog26FJu4K49HsOWF6X0RlbnzKkxQ6NtwnRyT/D9GQRnNRVFRk+1pCw:++QC6FJu4l9MOWFG0RlbnhW6yRyT8g7z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-11_9117f09af0521f1eaa4d8a915a4c201b_ryuk

Files

2024-01-11_9117f09af0521f1eaa4d8a915a4c201b_ryuk
.exe windows:5 windows x64 arch:x64

4e576a039447ce7e186fcb8fd1a3416e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

chrome_elf

SignalInitializeCrashReporting
SignalChromeElf
GetInstallDetailsPayload

advapi32

ImpersonateNamedPipeClient
SetEntriesInAclW
GetSecurityInfo
CreateWellKnownSid
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
SystemFunction036
GetTokenInformation
OpenProcessToken
RegDisablePredefinedCache
RevertToSelf
GetLengthSid
SetKernelObjectSecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetKernelObjectSecurity
SetSecurityInfo
ConvertStringSidToSidW
SetTokenInformation
GetAce
GetSecurityDescriptorSacl
ConvertSidToStringSidW
CreateProcessAsUserW
SetThreadToken
DuplicateTokenEx
DuplicateToken
CreateRestrictedToken
EqualSid
LookupPrivilegeValueW
CopySid

kernel32

InitOnceExecuteOnce
GetThreadLocale
GetSystemDefaultLCID
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
SetLastError
GetCurrentThreadId
CreateEventW
GetLastError
GetCurrentProcess
GetProcessId
WaitForSingleObject
DuplicateHandle
SetProcessShutdownParameters
SetCurrentDirectoryW
LoadLibraryExW
VirtualFree
VirtualAlloc
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
ReleaseSRWLockExclusive
GetVersionExW
GetNativeSystemInfo
ExpandEnvironmentStringsW
GetCommandLineW
LocalFree
SetThreadPriority
QueryThreadCycleTime
Sleep
FileTimeToSystemTime
GetCurrentThread
QueryPerformanceFrequency
GetThreadPriority
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapCreate
HeapDestroy
WriteFile
CreateFileW
DeleteFileW
CloseHandle
GetLocalTime
GetCurrentDirectoryW
GetCurrentProcessId
FormatMessageA
GetTickCount
TerminateProcess
OpenProcess
GetExitCodeProcess
ReadFile
GetFileSizeEx
SetEndOfFile
GetFileInformationByHandle
SetFilePointerEx
FlushFileBuffers
AcquireSRWLockExclusive
GetUserDefaultLangID
RegisterWaitForSingleObject
UnregisterWaitEx
CreateDirectoryW
QueryDosDeviceW
GetLongPathNameW
RemoveDirectoryW
GetTempPathW
GetFileAttributesW
UnmapViewOfFile
SetFileAttributesW
ReplaceFileW
CreateFileMappingW
MapViewOfFile
MoveFileW
GetSystemDirectoryW
GetWindowsDirectoryW
RaiseException
CreateThread
GetThreadId
IsDebuggerPresent
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
TlsGetValue
SizeofResource
LockResource
LoadResource
FindResourceW
FindFirstFileExW
FindNextFileW
FindClose
GetModuleHandleExW
FlushViewOfFile
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
TlsSetValue
TlsAlloc
TlsFree
HeapSetInformation
VirtualQuery
GetProcessTimes
WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
GetSystemInfo
VirtualQueryEx
LoadLibraryW
SetEvent
ResetEvent
SetInformationJobObject
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
InitializeCriticalSectionAndSpinCount
DecodePointer
DeleteCriticalSection
CreateProcessW
OutputDebugStringW
GetComputerNameExW
FreeLibrary
LockFileEx
SetConsoleCtrlHandler
GetUserDefaultLCID
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TerminateJobObject
GetProcessHeaps
SetHandleInformation
GetProcessHandleCount
SignalObjectAndWait
ProcessIdToSessionId
GetFileType
WriteProcessMemory
AssignProcessToJobObject
VirtualProtectEx
QueryFullProcessImageNameW
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
CreateJobObjectW
CreateNamedPipeW
CreateMutexW
lstrlenW
DebugBreak
ReadProcessMemory
SearchPathW
VirtualProtect
LoadLibraryExA
GetThreadContext
SuspendThread
Wow64GetThreadContext
SleepEx
CreateSemaphoreW
ReleaseSemaphore
WaitNamedPipeW
TransactNamedPipe
GetVersion
SetNamedPipeHandleState
IsWow64Process
ConnectNamedPipe
DisconnectNamedPipe
GetFileInformationByHandleEx
GetUserDefaultUILanguage
ResumeThread
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
ReadConsoleW
GetACP
GetStdHandle
ExitProcess
SetStdHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
PeekNamedPipe
GetDriveTypeW
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetStringTypeW
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
UnlockFileEx

psapi

GetProcessMemoryInfo
GetPerformanceInfo
GetMappedFileNameW

shell32

CommandLineToArgvW
SHGetFolderPathW
SHGetKnownFolderPath
ShellExecuteExW

shlwapi

PathMatchSpecW

user32

RegisterClassW
GetThreadDesktop
CreateDesktopW
GetMessageW
GetUserObjectInformationW
GetProcessWindowStation
CreateWindowStationW
CloseWindowStation
CloseDesktop
wsprintfW
GetWindowThreadProcessId
AllowSetForegroundWindow
SendMessageTimeoutW
IsWindow
DefWindowProcW
FindWindowExW
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
UnregisterClassW
GetWindowLongPtrW
PostMessageW
SetProcessWindowStation
TranslateMessage
DispatchMessageW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

timeGetTime

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winhttp

WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest

Exports

Exports

GetHandleVerifier
IsSandboxedProcess

Sections

.text
Size: 892KB - Virtual size: 891KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 493KB - Virtual size: 493KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e576a039447ce7e186fcb8fd1a3416e

Headers

DLL Characteristics

File Characteristics

Imports

chrome_elf

advapi32

kernel32

psapi

shell32

shlwapi

user32

version

winmm

userenv

winhttp

Exports

Exports

Sections

.text Size: 892KB - Virtual size: 891KB

.rdata Size: 197KB - Virtual size: 197KB

.data Size: 8KB - Virtual size: 25KB

.pdata Size: 45KB - Virtual size: 44KB

.didat Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 9B

CPADinfo Size: 512B - Virtual size: 48B

.rsrc Size: 493KB - Virtual size: 493KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 892KB - Virtual size: 891KB

.rdata
Size: 197KB - Virtual size: 197KB

.data
Size: 8KB - Virtual size: 25KB

.pdata
Size: 45KB - Virtual size: 44KB

.didat
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 9B

CPADinfo
Size: 512B - Virtual size: 48B

.rsrc
Size: 493KB - Virtual size: 493KB

.reloc
Size: 6KB - Virtual size: 6KB