2024-05-21_bb0c5dfa83a08bca2d711e30a176ada2_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-21_bb0c5dfa83a08bca2d711e30a176ada2_ryuk
Size

1.6MB
MD5

bb0c5dfa83a08bca2d711e30a176ada2
SHA1

ceec86560ba5d3c2fc0b16017c48a9f64dfaf275
SHA256

6a42d2eb75ecda4eeb471902b7eb453c710af2c85250227804bf109d9801e81c
SHA512

af2441b45acda3b5c656af090e66594e7b512b3879f32f024a7361f5d20308560510ca6ee338b98561dca53fe260130cb60e64c9cb19ae37414976069dbb2884
SSDEEP

12288:f1MKvvgcgZwdpXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:fmGnpdpsqjnhMgeiCl7G0nehbGZpbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-21_bb0c5dfa83a08bca2d711e30a176ada2_ryuk

Files

2024-05-21_bb0c5dfa83a08bca2d711e30a176ada2_ryuk
.exe windows:6 windows x64 arch:x64

b0565cdccadf19e165e5c9e4185ebe4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ssh-agent.pdb

Imports

libcrypto

EVP_sha384
EVP_md5
DSA_SIG_free
EVP_sha256
DSA_SIG_new
EVP_Digest
EVP_sha1
EVP_sha512
EVP_CIPHER_CTX_key_length
DSA_do_verify
DSA_do_sign
EVP_CIPHER_CTX_new
EVP_aes_256_cbc
ECDSA_SIG_new
ECDSA_do_verify
ECDSA_SIG_free
ECDSA_do_sign
EVP_CipherInit
EVP_des_ede3_cbc
EVP_aes_192_cbc
EVP_CIPHER_CTX_set_app_data
EVP_CIPHER_CTX_get_app_data
AES_set_encrypt_key
AES_encrypt
EVP_CIPHER_CTX_ctrl
EVP_CIPHER_CTX_set_key_length
RAND_bytes
EVP_aes_256_gcm
EVP_aes_128_gcm
EVP_CIPHER_CTX_free
EC_POINT_oct2point
BN_bn2bin
EC_POINT_point2oct
BN_bin2bn
RSA_public_decrypt
RSA_sign
BN_div
RSA_size
BN_CTX_new
BN_CTX_free
RSA_blinding_on
BN_dup
EC_GROUP_get_order
DSA_free
BN_clear_free
EC_KEY_set_private_key
BN_value_one
EC_METHOD_get_field_type
EC_POINT_mul
RSA_new
RSA_free
ERR_get_error
EC_POINT_get_affine_coordinates_GFp
EC_KEY_set_public_key
BN_free
EC_POINT_is_at_infinity
EC_POINT_free
EVP_aes_128_cbc
EC_KEY_free
EC_KEY_get0_public_key
DSA_new
EC_POINT_new
BN_new
EC_KEY_get0_private_key
EC_KEY_get0_group
BN_cmp
BN_sub
EC_GROUP_method_of
EC_KEY_new_by_curve_name
EVP_Cipher
BN_num_bits

kernel32

SetCurrentDirectoryW
SetEnvironmentVariableW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwindEx
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentDirectoryW
LoadLibraryExW
ReadConsoleOutputA
SetConsoleCursorPosition
GetConsoleWindow
Beep
FillConsoleOutputAttribute
WriteConsoleOutputA
SetConsoleCursorInfo
SetConsoleWindowInfo
GetConsoleCP
GetConsoleCursorInfo
ScrollConsoleScreenBufferA
SetConsoleScreenBufferSize
SetConsoleTextAttribute
FillConsoleOutputCharacterA
GetCommandLineA
WriteConsoleW
SetConsoleCtrlHandler
GetModuleFileNameW
GetLastError
ExitProcess
GetModuleHandleExW
FindClose
FindFirstFileExW
SetHandleInformation
FindNextFileW
CreateNamedPipeW
WaitForMultipleObjects
CreateThread
GetNamedPipeClientProcessId
ExitThread
GetQueuedCompletionStatus
FreeLibraryAndExitThread
OpenProcess
HeapFree
HeapAlloc
SetEvent
CloseHandle
GetCurrentProcessId
CreateProcessW
CreateEventA
CreateIoCompletionPort
ConnectNamedPipe
ReadFile
WriteFile
GetOverlappedResult
CompareStringW
LCMapStringW
LocalFree
GetStringTypeW
GetCommandLineW
SetStdHandle
GetConsoleMode
GetCurrentProcess
GetStdHandle
TerminateProcess
ReadConsoleW
CreateWaitableTimerA
SetEndOfFile
GetCurrentThreadId
SetFilePointerEx
GetFileType
WaitForSingleObjectEx
WaitForMultipleObjectsEx
OpenThread
FlushFileBuffers
HeapReAlloc
GetConsoleScreenBufferInfo
GetFileSizeEx
IsValidCodePage
WaitForSingleObject
CreateFileW
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetExitCodeProcess
FreeEnvironmentStringsW
WriteFileEx
CreateFileA
SleepEx
GetProcessHeap
HeapSize
RaiseException
GetLocalTime
QueueUserAPC
MultiByteToWideChar

advapi32

StartServiceCtrlDispatcherW
EventWrite
EventRegister
RegDeleteTreeA
RevertToSelf
RegCloseKey
RegOpenCurrentUser
RegCreateKeyExA
RegDeleteKeyExA
RegEnumKeyExW
ImpersonateLoggedOnUser
RegDeleteTreeW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
CreateWellKnownSid
RegCreateKeyExW
IsWellKnownSid
RegSetValueExW
OpenProcessToken
CheckTokenMembership
DuplicateToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceA
OpenServiceW

crypt32

CryptProtectData
CryptUnprotectData
CryptStringToBinaryA

ws2_32

WSAStartup
WSAGetLastError
WSASend

user32

GetWindowPlacement
ShowWindow

Sections

.text
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b0565cdccadf19e165e5c9e4185ebe4f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libcrypto

kernel32

advapi32

crypt32

ws2_32

user32

Sections

.text Size: 191KB - Virtual size: 191KB

.rdata Size: 171KB - Virtual size: 170KB

.data Size: 3KB - Virtual size: 82KB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 191KB - Virtual size: 191KB

.rdata
Size: 171KB - Virtual size: 170KB

.data
Size: 3KB - Virtual size: 82KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB