General
-
Target
2024-03-14_ba6bb7301ff3525bfff33ef50fecd9d0_ryuk
-
Size
1.0MB
-
Sample
240314-lhk8asge4z
-
MD5
ba6bb7301ff3525bfff33ef50fecd9d0
-
SHA1
d7b5ea9ae788300f70ef37b6c2afefacd4b4ce35
-
SHA256
56e4e386e97062cbb1a8a8f813e1b7debf1bf874595cc7f57200a783d9de78a7
-
SHA512
dadb449c21fdd6b35f41143515b0fdadd490fa67e43c10de6299c2399249fe5bcf4966f1063a27ec78d427289cc276d06c3f6cd6fe1b15c24170896aa9c71980
-
SSDEEP
12288:GUaYzBGeoHgPy96DAx3kQ+zAVh+nro94zj/80oJaLE:GMMeoHKy99WQ+zIh+nro8A0L
Static task
static1
Behavioral task
behavioral1
Sample
2024-03-14_ba6bb7301ff3525bfff33ef50fecd9d0_ryuk.exe
Resource
win7-20240221-en
Malware Config
Extracted
phorphiex
http://185.215.113.66/
0xAa3ea4838e8E3F6a1922c6B67E3cD6efD1ff175b
THRUoPK7oYqF7YyKZJvPYwTH35JsPZVPto
1Hw9tx4KyTq4oRoLVhPb4hjDJcLhEa4Tn6
qr89hag2967ef604ud3lw4pq8hmn69n46czwdnx3ut
XtxFdsKkRN3oVDXtN2ipcHeNi87basT2sL
LXMNcn9D8FQKzGNLjdSyR9dEM8Rsh9NzyX
rwn7tb5KQjXEjH42GgdHWHec5PPhVgqhSH
ARML6g7zynrwUHJbFJCCzMPiysUFXYBGgQ
48jYpFT6bT8MTeph7VsyzCQeDsGHqdQNc2kUkRFJPzfRHHjarBvBtudPUtParMkDzZbYBrd3yntWBQcsnVBNeeMbN9EXifg
3PL7YCa4akNYzuScqQwiSbtTP9q9E9PLreC
3FerB8kUraAVGCVCNkgv57zTBjUGjAUkU3
D9AJWrbYsidS9rAU146ifLRu1fzX9oQYSH
t1gvVWHnjbGTsoWXEyoTFojc2GqEzBgvbEn
bnb1cgttf7t5hu7ud3c436ufhcmy59qnkd09adqczd
bc1q0fusmmgycnhsd5cadsuz2hk8d4maausjfjypqg
bitcoincash:qr89hag2967ef604ud3lw4pq8hmn69n46czwdnx3ut
GAUCC7ZBSU2KJMHXOZD6AP5LOBGKNDPCDNRYP2CO2ACR63YCSUBNT5QE
Targets
-
-
Target
2024-03-14_ba6bb7301ff3525bfff33ef50fecd9d0_ryuk
-
Size
1.0MB
-
MD5
ba6bb7301ff3525bfff33ef50fecd9d0
-
SHA1
d7b5ea9ae788300f70ef37b6c2afefacd4b4ce35
-
SHA256
56e4e386e97062cbb1a8a8f813e1b7debf1bf874595cc7f57200a783d9de78a7
-
SHA512
dadb449c21fdd6b35f41143515b0fdadd490fa67e43c10de6299c2399249fe5bcf4966f1063a27ec78d427289cc276d06c3f6cd6fe1b15c24170896aa9c71980
-
SSDEEP
12288:GUaYzBGeoHgPy96DAx3kQ+zAVh+nro94zj/80oJaLE:GMMeoHKy99WQ+zIh+nro8A0L
-
Phorphiex payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-