General

  • Target

    2024-05-15_09aaf7760f8c895431387cb36decb976_ryuk

  • Size

    1.6MB

  • Sample

    240515-nhfzpafb78

  • MD5

    09aaf7760f8c895431387cb36decb976

  • SHA1

    46c9bf56888de5f62364ab2535af25a793c8e715

  • SHA256

    fd628a0c1942be5f2ae3ca388c783043b0f8a2615035c32148f83c51ef3ae2ba

  • SHA512

    f3ffeeddc1b322d88f7eaea3fc816729b79f1115ac73b174dfe658db646abdb8fd32ac89adc353f99b01ade7b0ef691ad033becbae51de6075e5825743ce630f

  • SSDEEP

    24576:5MA7qV/ccqNgPgtsqjnhMgeiCl7G0nehbGZpbD:5MA4pqNoCDmg27RnWGj

Malware Config

Targets

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Registers COM server for autorun

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks