Extracted

• • Target

    2024-02-13_785441d795ee886e64a262cb4128fa88_ryuk

  • Size

    206KB

  • MD5

    785441d795ee886e64a262cb4128fa88

  • SHA1

    7f44a811f375b0f1345fc899d87830dcb4c7b910

  • SHA256

    763f87c330f656f6ad258a660d920a4e633e79e2591a3def855d9444d24cbc8b

  • SHA512

    e5b2f6ee99519962c1f5f3bd98fffef2ae6b94d9b18e616746cc787b0e4092254af989680053732aae2c50e291db86146e25cbf56644afe8da8b23f5750691bb

  • SSDEEP

    1536:QQNiHikoUR86gSEB47j9kY61YZVDbeLtoepdEgIbsW9d7B9dl23PQx0scIC:Rkot6FEBwrfVDmtoepG19VA3o6scIC

  Score

  10^/10

  ryukransomware

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    ransomwareryuk

  • Detects command variations typically used by ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops desktop.ini file(s)

  behavioral1behavioral2