ryuk | 6b9a013adad9842c270d718b90a178dce6fd16f4697f0b711e0e7f2790f1c289 | Triage

Sharing

General

Target

d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.zip
Size

65KB
Sample

240417-x8l33adb8v
MD5

ff452a7f416740a3ac2bf2abca64ba41
SHA1

2f05a13d55278b303ed2406c38fa263e8671652f
SHA256

6b9a013adad9842c270d718b90a178dce6fd16f4697f0b711e0e7f2790f1c289
SHA512

e53ac79f4b2c67f10606af187f031a9e7c0351eb91251f3da835fa92f34c7f66102cde411b81b1afacc88729eba34aa7ced56b75485322042a1084a755db31e9
SSDEEP

1536:j65MK23mw6HmF8aZUIsSiM1M9sQr+wP7TexdimBxDO:yMXY6l+LSiM1MGy+xzK

Score

10^/10

ryuk discovery ransomware

Malware Config

Targets

- Target
  
  d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
- Size
  
  131KB
- MD5
  
  2cc630e080bb8de5faf9f5ae87f43f8b
- SHA1
  
  5a385b8b4b88b6eb93b771b7fbbe190789ef396a
- SHA256
  
  d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9
- SHA512
  
  901939718692e20a969887e64db581d6fed62c99026709c672edb75ebfa35ce02fa68308d70d463afbcc42a46e52ea9f7bc5ed93e5dbf3772d221064d88e11d7
- SSDEEP
  
  3072:j06qm9E8obCg2QdgYdrp23suV+eGg21Yg:j06qHnOg3df9eAJ
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Renames multiple (2676) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ryukdiscoveryransomware