General

  • Target

    2024-04-28_170a64b127d299a9da3682c4e935f26c_ryuk

  • Size

    1.1MB

  • Sample

    240428-wmrkzsdc75

  • MD5

    170a64b127d299a9da3682c4e935f26c

  • SHA1

    6c265b7411a70975a0e5a4d16c5ccd6aa7fc489c

  • SHA256

    98cfd16b11304be056dce24af429e32dfc183cd9fc71fc50602fae2e4d668c0f

  • SHA512

    bbe0a75864917292f9f1ea8a637b749a71da1e0299b6d4b0f983f579c474d01528567dff005c73f3cf94785726684b8b64433d0bd51bcd332005795b5703c919

  • SSDEEP

    24576:WSi1SoCU5qJSr1eWPSCsP0MugC6eTaqMrfUgYbkhqfj8uqw:GS7PLjeT+rfPOkhqvq

Score
7/10

Malware Config

Targets

    • Target

      2024-04-28_170a64b127d299a9da3682c4e935f26c_ryuk

    • Size

      1.1MB

    • MD5

      170a64b127d299a9da3682c4e935f26c

    • SHA1

      6c265b7411a70975a0e5a4d16c5ccd6aa7fc489c

    • SHA256

      98cfd16b11304be056dce24af429e32dfc183cd9fc71fc50602fae2e4d668c0f

    • SHA512

      bbe0a75864917292f9f1ea8a637b749a71da1e0299b6d4b0f983f579c474d01528567dff005c73f3cf94785726684b8b64433d0bd51bcd332005795b5703c919

    • SSDEEP

      24576:WSi1SoCU5qJSr1eWPSCsP0MugC6eTaqMrfUgYbkhqfj8uqw:GS7PLjeT+rfPOkhqvq

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

3
T1082

Query Registry

3
T1012

Peripheral Device Discovery

1
T1120

Collection

Data from Local System

1
T1005

Tasks