d008cfe6779cfd35d334a958ca613b8243529c5706cc06b598d589944b424b24 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

2024-04-25...uk.exe

windows7-x64

8

2024-04-25...uk.exe

windows10-2004-x64

8

Sharing

General

Target

2024-04-25_fa244f8a1d84b14e4132d691728175ce_ryuk
Size

49.8MB
Sample

240425-kxl8gahc68
MD5

fa244f8a1d84b14e4132d691728175ce
SHA1

0c4ef9d94256f5aefce8fa98a6be4c90e94ab39d
SHA256

d008cfe6779cfd35d334a958ca613b8243529c5706cc06b598d589944b424b24
SHA512

286b10d839c399ac7620a3e7f07594310d5d15d87af242958328fb564c820431d2e9d5f75e663c83dacedc952d4674d0c9d53a60433a1f2f329627e7c8f1bb1e
SSDEEP

1572864:5skm68CYgwt2TGD3bs7vMjobyuQHJi0n:5M6mt2TaLsMsCpia

Score

8^/10

evasion pyinstaller

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2024-04-25_fa244f8a1d84b14e4132d691728175ce_ryuk.exe

Resource

win7-20240221-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-25_fa244f8a1d84b14e4132d691728175ce_ryuk.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-25_fa244f8a1d84b14e4132d691728175ce_ryuk
- Size
  
  49.8MB
- MD5
  
  fa244f8a1d84b14e4132d691728175ce
- SHA1
  
  0c4ef9d94256f5aefce8fa98a6be4c90e94ab39d
- SHA256
  
  d008cfe6779cfd35d334a958ca613b8243529c5706cc06b598d589944b424b24
- SHA512
  
  286b10d839c399ac7620a3e7f07594310d5d15d87af242958328fb564c820431d2e9d5f75e663c83dacedc952d4674d0c9d53a60433a1f2f329627e7c8f1bb1e
- SSDEEP
  
  1572864:5skm68CYgwt2TGD3bs7vMjobyuQHJi0n:5M6mt2TaLsMsCpia
Score

8^/10

evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy