ssh-agent.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-08_98056eae717c37d6c30dcbe898119459_ryuk.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-04-08_98056eae717c37d6c30dcbe898119459_ryuk.exe
  Resource: win10v2004-20240319-en
General
- Target: 2024-04-08_98056eae717c37d6c30dcbe898119459_ryuk
- Size: 1.8MB
- MD5: 98056eae717c37d6c30dcbe898119459
- SHA1: e17404933c00daa8f2a2d4872255c4f8d25d4db8
- SHA256: 8a3423e84f8ef69544047aa967fa78d57e769ae6bd3753712e5c1be495adcbf9
- SHA512: b8ecf8f79627c5a114d4ab48fbebe161783e0095ba6571c17fc66f86be1b43f8f7ef7aed71caeb0d8143e88c3703908c6c1902b7a4ec98ee1d46ee8ee9b8765a
- SSDEEP: 12288:5ObrA4LWOsvAYFTs6JvY67VMBNO/aXpXI22+VufvdIOKek1h4TA8bXQJYe:ufL3UTs6J17W8CX32+KJNA80T
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2024-04-08_98056eae717c37d6c30dcbe898119459_ryuk
Files
- 2024-04-08_98056eae717c37d6c30dcbe898119459_ryuk.exe (windows:6, windows, x64, arch:x64)
  883b9c85aa02333ea08e2428bc2def05
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
libcrypto
DSA_do_sign
DSA_do_verify
DSA_SIG_new
DSA_SIG_free
EVP_sha384
EVP_md5
EVP_sha256
EVP_Digest
ECDSA_SIG_new
EVP_sha1
ECDSA_SIG_free
EVP_sha512
EVP_CIPHER_CTX_key_length
EVP_CIPHER_CTX_new
EVP_aes_256_cbc
EVP_CipherInit
ECDSA_do_sign
EVP_CIPHER_CTX_set_app_data
EVP_CIPHER_CTX_get_app_data
AES_set_encrypt_key
EVP_des_ede3_cbc
EVP_aes_192_cbc
EVP_CIPHER_CTX_ctrl
EVP_CIPHER_CTX_set_key_length
AES_encrypt
RAND_bytes
ECDSA_do_verify
EVP_Cipher
EVP_aes_256_gcm
EVP_aes_128_gcm
EVP_CIPHER_CTX_free
EC_POINT_oct2point
BN_bn2bin
EC_POINT_point2oct
BN_bin2bn
RSA_public_decrypt
RSA_sign
BN_div
RSA_size
RSA_blinding_on
BN_dup
EC_GROUP_get_order
DSA_free
BN_clear_free
EC_KEY_set_private_key
BN_value_one
EC_METHOD_get_field_type
EC_POINT_mul
RSA_new
RSA_free
ERR_get_error
EC_POINT_get_affine_coordinates_GFp
EC_KEY_set_public_key
BN_free
BN_CTX_get
EC_POINT_is_at_infinity
EC_POINT_free
EVP_aes_128_cbc
EC_KEY_free
BN_CTX_start
EC_KEY_get0_public_key
DSA_new
EC_POINT_new
BN_new
EC_KEY_get0_private_key
EC_KEY_get0_group
BN_CTX_new
BN_cmp
BN_sub
BN_CTX_free
EC_GROUP_method_of
EC_KEY_new_by_curve_name
BN_num_bits
kernel32
GetCommandLineA
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwindEx
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineW
LoadLibraryExW
ReadConsoleOutputA
SetConsoleCursorPosition
Beep
FillConsoleOutputAttribute
WriteConsoleOutputA
SetConsoleCursorInfo
SetConsoleWindowInfo
GetConsoleCP
GetConsoleCursorInfo
ScrollConsoleScreenBufferA
SetConsoleScreenBufferSize
SetConsoleTextAttribute
FillConsoleOutputCharacterA
CreateWaitableTimerA
WaitForSingleObjectEx
SetStdHandle
WriteConsoleW
SetConsoleCtrlHandler
GetModuleFileNameW
GetLastError
ExitProcess
GetModuleHandleExW
FindClose
FindFirstFileExW
SetHandleInformation
FindNextFileW
CreateNamedPipeW
WaitForMultipleObjects
CreateThread
GetNamedPipeClientProcessId
ExitThread
GetQueuedCompletionStatus
FreeLibraryAndExitThread
OpenProcess
HeapFree
HeapAlloc
SetEvent
CloseHandle
GetCurrentProcessId
CreateProcessW
CreateEventA
CreateIoCompletionPort
ConnectNamedPipe
ReadFile
WriteFile
GetOverlappedResult
CompareStringW
LCMapStringW
LocalFree
GetStringTypeW
GetCurrentProcess
GetStdHandle
TerminateProcess
ReadConsoleW
WaitForMultipleObjectsEx
SetEndOfFile
GetCurrentThreadId
SetFilePointerEx
GetFileType
HeapReAlloc
GetFileSizeEx
OpenThread
FlushFileBuffers
IsValidCodePage
GetConsoleScreenBufferInfo
GetACP
GetOEMCP
GetCPInfo
CreateFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
HeapSize
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
RaiseException
WriteFileEx
CreateFileA
SleepEx
GetLocalTime
GetConsoleMode
WaitForSingleObject
GetExitCodeProcess
QueueUserAPC
MultiByteToWideChar
advapi32
EventWrite
EventRegister
RegDeleteTreeA
RevertToSelf
RegCloseKey
RegOpenCurrentUser
RegCreateKeyExA
RegDeleteKeyExA
RegEnumKeyExW
ImpersonateLoggedOnUser
RegDeleteTreeW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
CreateWellKnownSid
RegCreateKeyExW
IsWellKnownSid
RegSetValueExW
OpenProcessToken
CheckTokenMembership
DuplicateToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceA
StartServiceCtrlDispatcherW
OpenServiceW
crypt32
CryptProtectData
CryptUnprotectData
CryptStringToBinaryA
ws2_32
WSAGetLastError
WSASend
WSAStartup
user32
GetWindowPlacement
FindWindowA
ShowWindow
Sections
- .text: Size 181KB, Virtual size 181KB
  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata: Size 171KB, Virtual size 170KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data: Size 3KB, Virtual size 82KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .pdata: Size 11KB, Virtual size 10KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .rsrc: Size 4KB, Virtual size 3KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .reloc: Size 1.4MB, Virtual size 1.4MB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE