2024-05-08_8d5299718b2606ccc5e1abeb00cb0bfc_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-08_8d5299718b2606ccc5e1abeb00cb0bfc_ryuk
Size

860KB
MD5

8d5299718b2606ccc5e1abeb00cb0bfc
SHA1

b2a77208995d5ee92778d59cabd9bbd2dc206a50
SHA256

ade2610a3428be61f19ab7a33a921d0f52dcc8d5d409e3e55c88cab7dd119f93
SHA512

397aaf6461362f59a06988279105788aeb5ab1ee88634d818091f2bf5d8b954aced4d3082cd32360cbedc72b0b90c4054d6f4d5309451516bc38e2b7e686f567
SSDEEP

12288:RGIp1oz2+28U4K5KN0AhHFJyG4cBZovEu4uDLoDRWATD5y9n:RnoC+2F4K5y0ElXXBZovEuXDLSf5a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-08_8d5299718b2606ccc5e1abeb00cb0bfc_ryuk

Files

2024-05-08_8d5299718b2606ccc5e1abeb00cb0bfc_ryuk
.exe windows:5 windows x64 arch:x64

3deb194d81399469830665d5c294d2d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Y:\inventory\InventoryC++\x64\Release\DirectoryCredentialsQuery64.pdb

Imports

kernel32

WriteFile
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
GetCurrentThread
TerminateThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
ReadFile
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetTimeFormatW
GetDateFormatW
FreeLibrary
GetProcAddress
GetLongPathNameW
GetFileSize
FindClose
LoadLibraryA
GetModuleFileNameW
GetModuleHandleW
CreateFileW
GetFileAttributesW
GetFileAttributesExW
GetStdHandle
GetTickCount
ReleaseMutex
CreateMutexW
OpenMutexW
GetComputerNameW
OpenEventW
GetSystemInfo
Sleep
TerminateProcess
FlushFileBuffers
GetACP
GetOEMCP
GetStringTypeW
GetCPInfo
EncodePointer
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
OutputDebugStringW
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetConsoleCP
GetConsoleMode
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetFilePointerEx
WriteConsoleW
GetCurrentThreadId
GetCurrentProcessId
CreateEventW
DuplicateHandle
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
LocalFree
GlobalFree
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
HeapFree
FindNextFileW
InitializeCriticalSectionAndSpinCount

user32

CharLowerBuffW
CharUpperBuffW

rpcrt4

UuidFromStringW

netapi32

NetServerGetInfo
NetApiBufferFree
NetShareGetInfo
NetWkstaGetInfo
NetGetJoinInformation
NetRemoteTOD

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

imagehlp

ImageUnload
ImageLoad

ws2_32

htons
htonl

advapi32

GetTokenInformation
OpenThreadToken
SetThreadToken
RevertToSelf
MakeAbsoluteSD
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
StartServiceW
QueryServiceStatus
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
LookupAccountSidW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegConnectRegistryW
LookupAccountNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegUnLoadKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegLoadKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
DuplicateTokenEx
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
SetNamedSecurityInfoW
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorControl
InitializeSecurityDescriptor
AddAce
GetAclInformation
InitializeAcl
CopySid
GetLengthSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
IsValidSid
OpenProcessToken
ConvertStringSidToSidW
ConvertSidToStringSidW
EqualSid
GetAce
ImpersonateLoggedOnUser

shell32

CommandLineToArgvW

ole32

CoUninitialize
CoInitializeEx

oleaut32

SystemTimeToVariantTime
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

Sections

.text
Size: 544KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3deb194d81399469830665d5c294d2d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

rpcrt4

netapi32

version

imagehlp

ws2_32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 544KB - Virtual size: 544KB

.rdata Size: 255KB - Virtual size: 254KB

.data Size: 13KB - Virtual size: 25KB

.pdata Size: 37KB - Virtual size: 37KB

.gfids Size: 512B - Virtual size: 352B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 544KB - Virtual size: 544KB

.rdata
Size: 255KB - Virtual size: 254KB

.data
Size: 13KB - Virtual size: 25KB

.pdata
Size: 37KB - Virtual size: 37KB

.gfids
Size: 512B - Virtual size: 352B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB