General
Target: 2024-04-27_c5d40dff30148a6a7a9d091f2a31d7c1_ryuk
Size: 13.0MB
Sample: 240427-m1zzvahf8w
MD5: c5d40dff30148a6a7a9d091f2a31d7c1
SHA1: e3897618a8189f632459e53f4b3e7459fd7f9917
SHA256: c4f868791586ae4c2d25b0d4bcce85b8bef5f5b673d471de2e743156e9e8dfaf
SHA512: 787cdfc585753b1f8e53c3a971a4625b6f7d0fe64fd6ac5da762fb334d9dbbe3ee1ec1340028a1e3b69350d60eb688cdb833b4b7675a74a9e2375bddcb4c6462
SSDEEP: 393216:ELBjlUHq31/FKoL205Suuy0kiOJitcCWpT48SPt:QBjlUHK1/F3L2ASuuy/iCo6pYP
Behavioral task: behavioral1
Sample: 2024-04-27_c5d40dff30148a6a7a9d091f2a31d7c1_ryuk.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 2024-04-27_c5d40dff30148a6a7a9d091f2a31d7c1_ryuk.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Target: 2024-04-27_c5d40dff30148a6a7a9d091f2a31d7c1_ryuk
Score: 9/10
- Renames multiple (333) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Disables Task Manager via registry modification
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application