General
-
Target
2024-04-25_fa244f8a1d84b14e4132d691728175ce_ryuk
-
Size
49.8MB
-
Sample
240425-kxl8gahc68
-
MD5
fa244f8a1d84b14e4132d691728175ce
-
SHA1
0c4ef9d94256f5aefce8fa98a6be4c90e94ab39d
-
SHA256
d008cfe6779cfd35d334a958ca613b8243529c5706cc06b598d589944b424b24
-
SHA512
286b10d839c399ac7620a3e7f07594310d5d15d87af242958328fb564c820431d2e9d5f75e663c83dacedc952d4674d0c9d53a60433a1f2f329627e7c8f1bb1e
-
SSDEEP
1572864:5skm68CYgwt2TGD3bs7vMjobyuQHJi0n:5M6mt2TaLsMsCpia
Behavioral task
behavioral1
Sample
2024-04-25_fa244f8a1d84b14e4132d691728175ce_ryuk.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-25_fa244f8a1d84b14e4132d691728175ce_ryuk.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
Score
8/10
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-