Extracted

• • Target

    67849a6a23fa2e3a3b6e717bf992c5ab

  • Size

    922KB

  • MD5

    67849a6a23fa2e3a3b6e717bf992c5ab

  • SHA1

    5dd1c28989b7420d3b0bdc2770691bfef8550f06

  • SHA256

    6e2ac459c37d1193fe411683221d62747648f5628f53b9c0dd1c0d9aff619994

  • SHA512

    ec52232f1fc077f9557b6e08e2e541204e066fb63b784e2aff1a1e9775dd633ba8a7240c1109d392a987415927e23b5b06d8408da307993216f174600377af25

  • SSDEEP

    24576:q9neo2D43MManeo2D43MME8neo2D43MMc2XCq+ZAx8K12A:snmnZnC/K4A

  Score

  10^/10

  ryukdiscoveryransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Renames multiple (196) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Drops desktop.ini file(s)

  behavioral1behavioral2