2df33743b916009320d26c6f222a868c0f30714202948ff60db344f7ca4c77d4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-12_3e91f25fef6c2cc85fdcd19b42c133e0_ryuk
Size

45.7MB
Sample

240212-p1x7csde9x
MD5

3e91f25fef6c2cc85fdcd19b42c133e0
SHA1

76dd969facd9f58dd5c0820d5e7bd9448a639eee
SHA256

2df33743b916009320d26c6f222a868c0f30714202948ff60db344f7ca4c77d4
SHA512

877920a37c5bcb2b90be4181a68a16d7bc6d5699059f6ed745fb412ba9f459b76262e1532d32fa61d1b878df82dc7ec271417ea4713362b0ec0d60aefe038082
SSDEEP

786432:FueKh+SVfBDk6X0KseGePAP9Ibq8VWm1TVMqNxb1Gq9vQt/YF07pBmJDAu:F0h+OfB46XlsrBOh71ZMEb4AbuEJDAu

Score

7^/10

Malware Config

Targets

- Target
  
  2024-02-12_3e91f25fef6c2cc85fdcd19b42c133e0_ryuk
- Size
  
  45.7MB
- MD5
  
  3e91f25fef6c2cc85fdcd19b42c133e0
- SHA1
  
  76dd969facd9f58dd5c0820d5e7bd9448a639eee
- SHA256
  
  2df33743b916009320d26c6f222a868c0f30714202948ff60db344f7ca4c77d4
- SHA512
  
  877920a37c5bcb2b90be4181a68a16d7bc6d5699059f6ed745fb412ba9f459b76262e1532d32fa61d1b878df82dc7ec271417ea4713362b0ec0d60aefe038082
- SSDEEP
  
  786432:FueKh+SVfBDk6X0KseGePAP9Ibq8VWm1TVMqNxb1Gq9vQt/YF07pBmJDAu:F0h+OfB46XlsrBOh71ZMEb4AbuEJDAu
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2