2486c4443dc5d9a222a0c490bf9c5913fc102b83f87d761f1f637aafb71844b7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-12_5e05a130ca2b20e5d70cfde503e54222_ryuk
Size

10.4MB
Sample

240212-p5manadh2w
MD5

5e05a130ca2b20e5d70cfde503e54222
SHA1

3776becb4162c0af7bd95c0c0f40ff7da43645d9
SHA256

2486c4443dc5d9a222a0c490bf9c5913fc102b83f87d761f1f637aafb71844b7
SHA512

d108352dbb10db32400e452471a3d4daada35686b2b84a3189f465cac671ce227ba5dca29e39e92eb427265d190195b15730fc2ece6a7373260a46ed0fdbb16b
SSDEEP

196608:NPBycV1X1V6eb2jLf5tCIzpiaDJYIbzINNaMbVAeSzwq1aMX/9Be/nGaZD:vyU1XCbzpp1yIqNw1aMFBe/nGaZD

Score

7^/10

Malware Config

Targets

- Target
  
  2024-02-12_5e05a130ca2b20e5d70cfde503e54222_ryuk
- Size
  
  10.4MB
- MD5
  
  5e05a130ca2b20e5d70cfde503e54222
- SHA1
  
  3776becb4162c0af7bd95c0c0f40ff7da43645d9
- SHA256
  
  2486c4443dc5d9a222a0c490bf9c5913fc102b83f87d761f1f637aafb71844b7
- SHA512
  
  d108352dbb10db32400e452471a3d4daada35686b2b84a3189f465cac671ce227ba5dca29e39e92eb427265d190195b15730fc2ece6a7373260a46ed0fdbb16b
- SSDEEP
  
  196608:NPBycV1X1V6eb2jLf5tCIzpiaDJYIbzINNaMbVAeSzwq1aMX/9Be/nGaZD:vyU1XCbzpp1yIqNw1aMFBe/nGaZD
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2