2024-04-24_f9083ba546a1793a9f3b19221f6a8d8a_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-24_f9083ba546a1793a9f3b19221f6a8d8a_ryuk
Size

17.5MB
MD5

f9083ba546a1793a9f3b19221f6a8d8a
SHA1

106adcf4c6bcc5a557df719e851950dd5562fa0c
SHA256

4801d23b8d58bb73af099aa76f7920f57c3cf9fc808c70a04f49b9833ac3fc83
SHA512

ac374351e9054c69a47bea1e6a857b801f0fb284d0aeed768fb69f3bd5f753a4f320ccdbdf68eb552029817d4a2be3c04494e6c7b33cbcc7025da8e078be6db4
SSDEEP

98304:7oAnDUsMfi6TML6+ZDK6hxmYouP/VoZaNZQhqpyajFLOAkGkzdnEVomFHKnP:7rIsUNxVuYiUqpyajFLOyomFHKnP

Score

10^/10

Malware Config

Signatures

Detects executables containing possible sandbox analysis VM usernames 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-24_f9083ba546a1793a9f3b19221f6a8d8a_ryuk

Files

2024-04-24_f9083ba546a1793a9f3b19221f6a8d8a_ryuk
.exe windows:6 windows x64 arch:x64

b85571f8c9ee65770292608740ebb53e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\work\SwitchER\x64\Release\SwitchER.pdb

Imports

kernel32

GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
SetEnvironmentVariableA
GetDriveTypeW
GetACP
GetStdHandle
VirtualQuery
FreeEnvironmentStringsW
GetSystemInfo
HeapQueryInformation
GetCommandLineA
SetStdHandle
ExitProcess
GetFileType
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwindEx
InterlockedPushEntrySList
RtlPcToFileHeader
LCMapStringW
GetCPInfo
SetFilePointerEx
FindFirstFileExW
GetStringTypeW
OutputDebugStringW
WriteConsoleW
VirtualAlloc
GlobalAddAtomW
LockResource
LoadResource
FindResourceW
GetSystemTime
lstrlenW
CreateEventW
CloseHandle
WaitForSingleObject
Sleep
SetEvent
DeleteFileW
RemoveDirectoryW
GetModuleHandleW
CopyFileW
lstrcmpA
MultiByteToWideChar
CreateDirectoryW
GetModuleFileNameW
GetTempPathW
GetLastError
SetFilePointer
CreateFileW
ReadFile
SetFileAttributesW
WriteFile
GetVersionExW
WideCharToMultiByte
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
MulDiv
GetTickCount
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
GetCurrentThreadId
WaitForMultipleObjects
GlobalAlloc
GetTickCount64
OpenProcess
K32GetProcessImageFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcmpW
lstrcpyW
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
InitializeCriticalSection
OpenMutexW
CreateMutexW
GetCommandLineW
GlobalFree
lstrcpynW
QueryDosDeviceW
GetLocalTime
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThread
LocalFree
FormatMessageW
OutputDebugStringA
EncodePointer
GetSystemDirectoryW
FreeResource
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
GlobalDeleteAtom
SizeofResource
GlobalFindAtomW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetProfileIntW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
SetThreadPriority
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalGetAtomNameW
GetThreadLocale
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
GetCurrentDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetCurrentProcess
lstrcmpiW
FindResourceExW
SearchPathW
GetTempFileNameW
SetErrorMode
GetUserDefaultLCID
ResetEvent
WaitForSingleObjectEx
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
IsDebuggerPresent
GetStartupInfoW

user32

IsDialogMessageW
SetWindowTextW
IsWindowEnabled
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
UpdateWindow
TrackPopupMenuEx
SetMenu
GetMenu
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
GetClassInfoExW
RegisterClassW
CallWindowProcW
GetMessageTime
PeekMessageW
RegisterWindowMessageW
InsertMenuW
GetMenuItemID
GetMenuState
GetMenuStringW
GetIconInfo
OffsetRect
DrawStateW
SetRectEmpty
keybd_event
SendInput
AttachThreadInput
GetGUIThreadInfo
EnumWindows
GetWindowInfo
GetWindow
EnableMenuItem
CheckMenuItem
SetActiveWindow
DestroyCursor
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
UnhookWindowsHookEx
DestroyIcon
DrawIcon
IsIconic
SetWindowsHookExW
FindWindowW
GetSystemMenu
SetMenuItemBitmaps
CallNextHookEx
ChangeClipboardChain
SetClipboardViewer
SetLayeredWindowAttributes
GetWindowLongW
SetWindowLongW
UnregisterClassW
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
SetDlgItemTextA
ActivateKeyboardLayout
LoadKeyboardLayoutW
IsWindow
GetClientRect
IsWindowVisible
InvalidateRect
GetDC
GetWindowThreadProcessId
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
GetKeyboardState
MessageBoxW
GetKeyboardLayout
GetKeyboardLayoutNameA
GetForegroundWindow
CopyIcon
DispatchMessageW
TranslateMessage
WindowFromPoint
ClientToScreen
GetDoubleClickTime
GetWindowDC
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetActiveWindow
GetKeyNameTextW
MapVirtualKeyW
SendDlgItemMessageA
GetMenuItemInfoW
RegisterClipboardFormatW
PostQuitMessage
SetWindowContextHelpId
MapDialogRect
SetWindowRgn
GetSysColorBrush
DrawIconEx
GetMessageW
ShowOwnedPopups
GetAsyncKeyState
GrayStringW
DrawTextExW
TabbedTextOutW
ReleaseCapture
GetCapture
CopyImage
RealChildWindowFromPoint
UnpackDDElParam
TrackMouseEvent
IsZoomed
CharUpperW
DeleteMenu
NotifyWinEvent
LoadIconW
IsRectEmpty
CopyRect
GetDlgItem
GetDesktopWindow
RedrawWindow
InflateRect
DrawFrameControl
DrawFocusRect
GetSysColor
DrawTextW
GetWindowTextW
GetFocus
KillTimer
SetTimer
SetRect
LoadCursorW
SetCursor
SetCursorPos
CreatePopupMenu
GetMenuItemCount
RemoveMenu
DrawMenuBar
AppendMenuW
ReleaseDC
SetForegroundWindow
SetFocus
CreateWindowExW
SetWindowPos
WindowFromDC
BringWindowToTop
MessageBeep
GetParent
GetCaretPos
SystemParametersInfoW
FillRect
FrameRect
DrawEdge
GetClassInfoW
DefWindowProcW
IntersectRect
GetKeyState
GetCursorPos
ScreenToClient
IsClipboardFormatAvailable
GetSystemMetrics
GetMessagePos
PtInRect
InvertRect
SetCapture
ClipCursor
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
EnumDisplayMonitors
LoadImageW
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
EnableWindow
PostMessageW
SendMessageW
GetWindowRgn
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
MapVirtualKeyExW
IsCharLowerW
SubtractRect
HideCaret
CreateAcceleratorTableW
ToUnicodeEx
CharUpperBuffW
GetUpdateRect
SetClassLongPtrW
DestroyAcceleratorTable
ModifyMenuW
LockWindowUpdate
SetParent
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
WaitMessage
PostThreadMessageW
ReuseDDElParam
SetSystemCursor
GetWindowRect

gdi32

GetTextFaceW
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
GetBoundsRect
FrameRgn
SetPaletteEntries
ExtFloodFill
LPtoDP
GetSystemPaletteEntries
GetNearestPaletteIndex
EnumFontFamiliesExW
GetPaletteEntries
CreatePalette
RoundRect
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
RealizePalette
GetRgnBox
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateDIBSection
CreateRoundRectRgn
Polyline
Polygon
GetTextColor
Ellipse
CreateEllipticRgn
DPtoLP
SetRectRgn
GetMapMode
CombineRgn
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetObjectType
GetClipBox
ExcludeClipRect
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateBitmap
SetBkColor
CreateDCW
CopyMetaFileW
SetDIBitsToDevice
SetStretchBltMode
GetPixel
PatBlt
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontW
CreatePen
BitBlt
GetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
GetCurrentObject
GetTextExtentPoint32W
FillRgn
CreatePolygonRgn
DeleteObject
SetBkMode
Rectangle
SelectObject
CreateSolidBrush
SetTextColor
SetDCBrushColor
DeleteDC
GetTextMetricsW
CreateFontIndirectW
GetObjectW

msimg32

AlphaBlend
TransparentBlt

comdlg32

ChooseColorW
ChooseFontW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

SystemFunction036
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW

shell32

SHGetFolderPathW
ShellExecuteW
DragQueryFileW
CommandLineToArgvW
Shell_NotifyIconW
SHAppBarMessage
SHGetFileInfoW
DragFinish
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
ExtractIconExW

comctl32

ImageList_GetImageInfo
ImageList_Draw
ImageList_AddMasked
InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
StrFormatKBSizeW
PathStripToRootW
StrCmpW

uxtheme

GetThemeSysColor
GetWindowTheme
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
IsAppThemed
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
DrawThemeText
DrawThemeParentBackground

ole32

OleFlushClipboard
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateStreamOnHGlobal
CoRegisterMessageFilter
CoRevokeClassObject
CoGetClassObject
CoDisconnectObject
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
DoDragDrop
OleGetClipboard
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateInstance
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx

oleaut32

VariantTimeToSystemTime
VariantInit
VariantClear
VariantChangeType
SysAllocString
LoadTypeLi
SysStringLen
SafeArrayDestroy
VarDateFromStr
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
SystemTimeToVariantTime
VarUdateFromDate
SysFreeString
SysAllocStringLen

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12.9MB - Virtual size: 12.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b85571f8c9ee65770292608740ebb53e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 48KB - Virtual size: 124KB

.pdata Size: 146KB - Virtual size: 145KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 12.9MB - Virtual size: 12.9MB

.reloc Size: 78KB - Virtual size: 78KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 48KB - Virtual size: 124KB

.pdata
Size: 146KB - Virtual size: 145KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 12.9MB - Virtual size: 12.9MB

.reloc
Size: 78KB - Virtual size: 78KB