General

  • Target

    2024-04-27_c5d40dff30148a6a7a9d091f2a31d7c1_ryuk

  • Size

    13.0MB

  • Sample

    240427-m1zzvahf8w

  • MD5

    c5d40dff30148a6a7a9d091f2a31d7c1

  • SHA1

    e3897618a8189f632459e53f4b3e7459fd7f9917

  • SHA256

    c4f868791586ae4c2d25b0d4bcce85b8bef5f5b673d471de2e743156e9e8dfaf

  • SHA512

    787cdfc585753b1f8e53c3a971a4625b6f7d0fe64fd6ac5da762fb334d9dbbe3ee1ec1340028a1e3b69350d60eb688cdb833b4b7675a74a9e2375bddcb4c6462

  • SSDEEP

    393216:ELBjlUHq31/FKoL205Suuy0kiOJitcCWpT48SPt:QBjlUHK1/F3L2ASuuy/iCo6pYP

Malware Config

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (333) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Disables Task Manager via registry modification

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Each entry lists the technique name, its ATT&CK ID, and the count reported by the sandbox for that technique.

  • Execution

    Scheduled Task/Job, T1053 (count: 1)

  • Persistence

    Boot or Logon Autostart Execution, T1547 (count: 1)
      Registry Run Keys / Startup Folder, T1547.001 (count: 1)
    Scheduled Task/Job, T1053 (count: 1)

  • Privilege Escalation

    Boot or Logon Autostart Execution, T1547 (count: 1)
      Registry Run Keys / Startup Folder, T1547.001 (count: 1)
    Scheduled Task/Job, T1053 (count: 1)

  • Defense Evasion

    Indicator Removal, T1070 (count: 2)
      File Deletion, T1070.004 (count: 2)
    Modify Registry, T1112 (count: 1)

  • Credential Access

    Unsecured Credentials, T1552 (count: 1)
      Credentials In Files, T1552.001 (count: 1)

  • Discovery

    Query Registry, T1012 (count: 1)

  • Collection

    Data from Local System, T1005 (count: 1)

  • Impact

    Inhibit System Recovery, T1490 (count: 2)

Tasks