General
-
Target
2024-04-03_e0c3f5550790384e403e599989f6f3d4_ryuk
-
Size
1.4MB
-
Sample
240403-bllywsbe37
-
MD5
e0c3f5550790384e403e599989f6f3d4
-
SHA1
20e70c9701c6bc20c11b7393f14ce32cf33d6e85
-
SHA256
872d0f3d1bf6f8d78cd43ba9c00f39cbf9bcc8ac51a8e094e11027fc8dbfd7a8
-
SHA512
88bca5dedcaa2942d8a636e95917623f57c5248f85f1fdf28ad91ce868d35a5d9fdfbbb9d7c164e08042c03ce569ed6b76a696cb42304ffc64f12089616a2e12
-
SSDEEP
24576:7eyyHRBMk9lVHrDuAkN75lqtHIerHb4GfVeAgw5Z02qzkfnDTVi:yyyHRx9l9DuAI6tHIwHUGflgwf0rzk7k
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-03_e0c3f5550790384e403e599989f6f3d4_ryuk.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
2024-04-03_e0c3f5550790384e403e599989f6f3d4_ryuk.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\Program Files\Common Files\Microsoft Shared\ink\RESTORE_FILES.txt
azov
Targets
-
-
Target
2024-04-03_e0c3f5550790384e403e599989f6f3d4_ryuk
-
Size
1.4MB
-
MD5
e0c3f5550790384e403e599989f6f3d4
-
SHA1
20e70c9701c6bc20c11b7393f14ce32cf33d6e85
-
SHA256
872d0f3d1bf6f8d78cd43ba9c00f39cbf9bcc8ac51a8e094e11027fc8dbfd7a8
-
SHA512
88bca5dedcaa2942d8a636e95917623f57c5248f85f1fdf28ad91ce868d35a5d9fdfbbb9d7c164e08042c03ce569ed6b76a696cb42304ffc64f12089616a2e12
-
SSDEEP
24576:7eyyHRBMk9lVHrDuAkN75lqtHIerHb4GfVeAgw5Z02qzkfnDTVi:yyyHRx9l9DuAI6tHIwHUGflgwf0rzk7k
Score10/10-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-