2024-04-10_cbb336e2765aaab14358d2a20b5c2019_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-10_cbb336e2765aaab14358d2a20b5c2019_ryuk
Size

3.1MB
MD5

cbb336e2765aaab14358d2a20b5c2019
SHA1

d31ab2129a813903b8c9c77cfe9a0ee367707830
SHA256

e18f8f491ffd27daec8ec652018a79aac514e3db21f032e2313b98db5b5529c1
SHA512

904e4ae739789664a9b60aa83cc8ce4dd1d207f2ba5e24b51e2ec5f42b9237500b6c321e61450e5700e4773f3ed1e444646af3c77b2692ec3e68ee4c94d5adb6
SSDEEP

49152:KkN62WSJQTPTqATr7xXKvXyUTEkjNnJEozVApYbToCBgxkvomWTVk3KXaLppM3w7:QTqQqZr1VApYbToCsWSZ90J5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-10_cbb336e2765aaab14358d2a20b5c2019_ryuk

Files

2024-04-10_cbb336e2765aaab14358d2a20b5c2019_ryuk
.exe windows:5 windows x64 arch:x64

310439d7c391e9b663f7b62f1ede2f43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\b\c\b\win_x64_archive\src\out\Release_x64\initialexe\chrome.exe.pdb

Imports

chrome_elf

SignalChromeElf

advapi32

ImpersonateNamedPipeClient
GetUserNameW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
SystemFunction036
OpenProcessToken
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorSacl
SetKernelObjectSecurity
SetTokenInformation
SetSecurityInfo
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
RegDisablePredefinedCache
CopySid
CreateWellKnownSid
CreateRestrictedToken
DuplicateToken
DuplicateTokenEx
EqualSid
GetTokenInformation
LookupPrivilegeValueW
CreateProcessAsUserW
SetThreadToken
ConvertSidToStringSidW
SetEntriesInAclW
GetSecurityInfo

gdi32

DeleteObject
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SelectObject
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
GetTextMetricsW
SetWorldTransform
CreateDIBSection
ExtTextOutW
GetTextFaceW
GdiFlush
CreateFontIndirectW
CreateCompatibleDC
DeleteDC

kernel32

GetCurrentThreadId
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetProcessId
SetCurrentDirectoryW
SetProcessShutdownParameters
LoadLibraryExW
VirtualAlloc
VirtualFree
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapReAlloc
HeapFree
GetComputerNameExW
ExitProcess
GetCurrentDirectoryW
CreateFileW
DeleteFileW
WriteFile
OutputDebugStringA
CloseHandle
GetCurrentProcessId
GetTickCount
GetModuleFileNameW
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCommandLineW
LocalFree
ExpandEnvironmentStringsW
GetVersionExW
GetNativeSystemInfo
TerminateProcess
GetExitCodeProcess
OpenProcess
FlushFileBuffers
GetFileInformationByHandle
GetFileSizeEx
ReadFile
SetEndOfFile
SetFilePointerEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
IsDebuggerPresent
RaiseException
CreateThread
GetProcessTimes
GetSystemInfo
VirtualQueryEx
VirtualQuery
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateDirectoryW
GetFileAttributesW
GetLongPathNameW
QueryDosDeviceW
GetTempPathW
UnregisterWaitEx
RegisterWaitForSingleObject
GetUserDefaultLangID
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetThreadId
GetModuleHandleExW
CreateIoCompletionPort
GetQueuedCompletionStatus
CreateEventW
SetEvent
SetInformationJobObject
LoadLibraryW
FindClose
FindFirstFileExW
FindNextFileW
LoadResource
LockResource
SizeofResource
FindResourceW
ResetEvent
CompareStringW
DecodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetSystemDirectoryW
GetWindowsDirectoryW
SuspendThread
ResumeThread
GetThreadContext
Wow64GetThreadContext
IsProcessorFeaturePresent
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultLCID
GetUserDefaultLCID
HeapSetInformation
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateJobObject
WriteProcessMemory
AssignProcessToJobObject
FreeLibrary
GetFileType
SetHandleInformation
ProcessIdToSessionId
GetProcessHandleCount
SignalObjectAndWait
CreateMutexW
VirtualProtectEx
VirtualAllocEx
VirtualFreeEx
CreateJobObjectW
CreateNamedPipeW
CreateRemoteThread
CreateProcessW
DebugBreak
lstrlenW
SearchPathW
ReleaseSemaphore
CreateSemaphoreW
VirtualProtect
LoadLibraryExA
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
GetVersion
DisconnectNamedPipe
ConnectNamedPipe
UnlockFileEx
LockFileEx
GetUserDefaultUILanguage
GetEnvironmentVariableW
HeapSize
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
WriteConsoleW
EnumSystemLocalesW
IsValidLocale
ReadConsoleW
GetStdHandle
GetACP
SetStdHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
PeekNamedPipe
GetDriveTypeW
GetProcessHeap
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
EncodePointer
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetLastError
GetLastError
GetProcAddress
GetModuleHandleA
PostQueuedCompletionStatus
ReadProcessMemory

shell32

SHGetKnownFolderPath
CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderPathW

user32

FindWindowExW
SystemParametersInfoW
GetUserObjectInformationW
GetProcessWindowStation
SetProcessWindowStation
CreateWindowStationW
GetThreadDesktop
CreateDesktopW
CloseWindowStation
CloseDesktop
GetWindowThreadProcessId
AllowSetForegroundWindow
IsWindow
SendMessageTimeoutW

usp10

ScriptItemize
ScriptFreeCache
ScriptShape

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

rpcrt4

UuidCreate

winhttp

WinHttpOpen
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpConnect
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse

Exports

Exports

GetHandleVerifier
IsSandboxedProcess

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 421KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

310439d7c391e9b663f7b62f1ede2f43

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

chrome_elf

advapi32

gdi32

kernel32

shell32

user32

usp10

version

winmm

wtsapi32

rpcrt4

winhttp

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 421KB - Virtual size: 421KB

.data Size: 13KB - Virtual size: 58KB

.pdata Size: 108KB - Virtual size: 108KB

.gfids Size: 1024B - Virtual size: 772B

.tls Size: 512B - Virtual size: 2B

_RDATA Size: 32KB - Virtual size: 32KB

.rsrc Size: 123KB - Virtual size: 122KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 421KB - Virtual size: 421KB

.data
Size: 13KB - Virtual size: 58KB

.pdata
Size: 108KB - Virtual size: 108KB

.gfids
Size: 1024B - Virtual size: 772B

.tls
Size: 512B - Virtual size: 2B

_RDATA
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 123KB - Virtual size: 122KB

.reloc
Size: 19KB - Virtual size: 18KB