857aaf72f46d3aec3f7827a7d008638df999bed8eff91ad5cfaba20ec15ab68b | Triage

Sharing

General

Target

2024-02-12_95082e18c7355c92ebcbda44ec26f761_ryuk
Size

10.4MB
Sample

240212-p9patafg57
MD5

95082e18c7355c92ebcbda44ec26f761
SHA1

b59077d89882e804f08aaa3eaad573422cbad5fe
SHA256

857aaf72f46d3aec3f7827a7d008638df999bed8eff91ad5cfaba20ec15ab68b
SHA512

0320ba9d06334c07a8efca80e3efa79fa7e36544812dfb1997703edd1b3d6a47ac0cb38651a23d94c2126790fbc3b5e885f695a7b468585eeebaa60a67b91cad
SSDEEP

196608:LcjMAZJFNFqOOcXKkQycfnq72NSQqWMVQ9zWzvP1nBxzlPzfS6hRmhgZx:gNrtlckQycyCSnTjPrfLTD

Score

7^/10

Malware Config

Targets

- Target
  
  2024-02-12_95082e18c7355c92ebcbda44ec26f761_ryuk
- Size
  
  10.4MB
- MD5
  
  95082e18c7355c92ebcbda44ec26f761
- SHA1
  
  b59077d89882e804f08aaa3eaad573422cbad5fe
- SHA256
  
  857aaf72f46d3aec3f7827a7d008638df999bed8eff91ad5cfaba20ec15ab68b
- SHA512
  
  0320ba9d06334c07a8efca80e3efa79fa7e36544812dfb1997703edd1b3d6a47ac0cb38651a23d94c2126790fbc3b5e885f695a7b468585eeebaa60a67b91cad
- SSDEEP
  
  196608:LcjMAZJFNFqOOcXKkQycfnq72NSQqWMVQ9zWzvP1nBxzlPzfS6hRmhgZx:gNrtlckQycyCSnTjPrfLTD
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2