2024-04-09_f6845d75dbee23c710d1c87ddc20ecee_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-09_f6845d75dbee23c710d1c87ddc20ecee_ryuk
Size

1.4MB
MD5

f6845d75dbee23c710d1c87ddc20ecee
SHA1

75a26815eab063f88a954622f65cb3dd9b9b4549
SHA256

aeabc55d827c34fadeec497abc3183bd7033a2378fa5214e5363bed7ef3f21d9
SHA512

292142b1ad52f64e89a7f4bcbc730ca62ca04990edb393608822857aeadf46d544b1db06cba74bc294e2e4f125085bb9262460eb733e37b0c805eecf639dd194
SSDEEP

24576:ULFncLhkkhWMC7g0RiCmTqz8h2XVo8KmUebReLUp/npXW3P9:ULFncLmkkU0ACmK8sXV2mIIpPpXWf9

Score

1^/10

Malware Config

Signatures

Files

2024-04-09_f6845d75dbee23c710d1c87ddc20ecee_ryuk
.exe windows:6 windows x64 arch:x64

492ef33e7a720093567560c5237d3927

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:b0:6f:66:2f:46:7b:d4:1d:0a:f5:0c:d9:c5:ca:66
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

24/03/2023, 12:50

Not After

23/03/2024, 12:50

Subject

CN=Open Source Developer\, Vladimir Panteleev,O=Open Source Developer,L=Chisinau,C=MD,1.2.840.113549.1.9.1=#0c1e636f64657369676e40766c6164696d69722e70616e74656c6565762e6d64

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:b0:6f:66:2f:46:7b:d4:1d:0a:f5:0c:d9:c5:ca:66
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

24/03/2023, 12:50

Not After

23/03/2024, 12:50

Subject

CN=Open Source Developer\, Vladimir Panteleev,O=Open Source Developer,L=Chisinau,C=MD,1.2.840.113549.1.9.1=#0c1e636f64657369676e40766c6164696d69722e70616e74656c6565762e6d64

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a7:51:11:85:a2:ea:82:35:16:95:0a:82:46:d8:c1:af:dd:23:ab:e2:04:45:a1:c0:01:02:b3:c6:21:1c:a4:a0
Signer

Actual PE Digest

a7:51:11:85:a2:ea:82:35:16:95:0a:82:46:d8:c1:af:dd:23:ab:e2:04:45:a1:c0:01:02:b3:c6:21:1c:a4:a0

Digest Algorithm

sha256

PE Digest Matches

true

5b:e1:dc:11:f4:3e:a2:43:66:30:56:78:2d:92:36:f5:1f:fc:3d:d6
Signer

Actual PE Digest

5b:e1:dc:11:f4:3e:a2:43:66:30:56:78:2d:92:36:f5:1f:fc:3d:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

gethostbyaddr
gethostbyname
getservbyport
getservbyname
getprotobynumber
WSACleanup
WSAStartup
inet_addr
inet_ntoa
WSAGetLastError
select
WSAIoctl
setsockopt
recvfrom
recv
sendto
send
getsockname
getpeername
closesocket
shutdown
accept
listen
connect
bind
getsockopt
ioctlsocket
getprotobyname
socket
htonl
htons
ntohs
ntohl

shell32

CommandLineToArgvW

advapi32

RegEnumKeyExW
RegFlushKey
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumValueW

kernel32

HeapReAlloc
ReadConsoleW
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleCP
HeapAlloc
HeapFree
GetCommandLineA
TerminateProcess
ExitProcess
SetFilePointerEx
CreateFileW
WriteConsoleW
GetModuleFileNameW
ExitThread
SetEndOfFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
GetProcessHeap
HeapSize
RaiseException
GetFileSizeEx
DuplicateHandle
GetSystemTimeAsFileTime
FlushFileBuffers
GetLastError
GetTimeZoneInformation
CloseHandle
EnterCriticalSection
ResumeThread
LeaveCriticalSection
WaitForSingleObject
GetExitCodeThread
Sleep
SwitchToThread
DeleteCriticalSection
GetCommandLineW
WideCharToMultiByte
LocalFree
GetModuleHandleA
GetProcAddress
GetSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
IsDebuggerPresent
InitializeCriticalSection
GetConsoleScreenBufferInfo
LoadLibraryW
FreeLibrary
GetConsoleOutputCP
WriteFile
MultiByteToWideChar
VirtualAlloc
VirtualFree
lstrlenW
TryEnterCriticalSection
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
ExpandEnvironmentStringsW
FormatMessageW
GetStdHandle
LoadLibraryA
GetCurrentProcessId
SetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetLastError
GetEnvironmentVariableW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesExW
CreateSemaphoreA
ReleaseSemaphore
RtlCaptureContext
GetEnvironmentVariableA
SetEvent
GlobalMemoryStatusEx
CreateEventW
OpenThread
TerminateThread
SuspendThread
GetThreadContext
GetModuleHandleExW
VerSetConditionMask
VerifyVersionInfoW
FreeLibraryAndExitThread
InitializeSListHead
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetStdHandle
GetFileType
ReadFile
CreateThread

Sections

.text
Size: 973KB - Virtual size: 973KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

._deh
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.minfo
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tp
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dp
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

492ef33e7a720093567560c5237d3927

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

24:b0:6f:66:2f:46:7b:d4:1d:0a:f5:0c:d9:c5:ca:66Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

24:b0:6f:66:2f:46:7b:d4:1d:0a:f5:0c:d9:c5:ca:66Certificate

Extended Key Usages

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

a7:51:11:85:a2:ea:82:35:16:95:0a:82:46:d8:c1:af:dd:23:ab:e2:04:45:a1:c0:01:02:b3:c6:21:1c:a4:a0Signer

5b:e1:dc:11:f4:3e:a2:43:66:30:56:78:2d:92:36:f5:1f:fc:3d:d6Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shell32

advapi32

kernel32

Sections

.text Size: 973KB - Virtual size: 973KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 240KB - Virtual size: 246KB

.pdata Size: 52KB - Virtual size: 51KB

.tls Size: 67KB - Virtual size: 67KB

._deh Size: 6KB - Virtual size: 5KB

.minfo Size: 1024B - Virtual size: 720B

.tp Size: 512B - Virtual size: 196B

.dp Size: 1024B - Virtual size: 532B

.gfids Size: 512B - Virtual size: 184B

.rsrc Size: 1024B - Virtual size: 624B

.reloc Size: 14KB - Virtual size: 13KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

24:b0:6f:66:2f:46:7b:d4:1d:0a:f5:0c:d9:c5:ca:66
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

24:b0:6f:66:2f:46:7b:d4:1d:0a:f5:0c:d9:c5:ca:66
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

a7:51:11:85:a2:ea:82:35:16:95:0a:82:46:d8:c1:af:dd:23:ab:e2:04:45:a1:c0:01:02:b3:c6:21:1c:a4:a0
Signer

5b:e1:dc:11:f4:3e:a2:43:66:30:56:78:2d:92:36:f5:1f:fc:3d:d6
Signer

.text
Size: 973KB - Virtual size: 973KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 240KB - Virtual size: 246KB

.pdata
Size: 52KB - Virtual size: 51KB

.tls
Size: 67KB - Virtual size: 67KB

._deh
Size: 6KB - Virtual size: 5KB

.minfo
Size: 1024B - Virtual size: 720B

.tp
Size: 512B - Virtual size: 196B

.dp
Size: 1024B - Virtual size: 532B

.gfids
Size: 512B - Virtual size: 184B

.rsrc
Size: 1024B - Virtual size: 624B

.reloc
Size: 14KB - Virtual size: 13KB