9ebc6d33bedae10e7c2a1c4c39d69a7f470d826fdf55a91f88d946e7412372a2 | Triage

Submit
Reports

Overview

overview

Static

static

2024-05-24...uk.exe

windows7-x64

9

2024-05-24...uk.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-24_1e52bd3294a9e2917b12364903285695_ryuk
Size

14.4MB
Sample

240524-nkdbksfa61
MD5

1e52bd3294a9e2917b12364903285695
SHA1

faeaa16917726aa1c8a87b44e6c8b02feec7acd3
SHA256

9ebc6d33bedae10e7c2a1c4c39d69a7f470d826fdf55a91f88d946e7412372a2
SHA512

d9ebbb116e5c890d88baef3009cf61f5f9431e06cbf8c4967e712f58e9897124d04b3c032733eab4f137cc0ec289542d1ea27d5afe8f9e9490937bd20f1be2cc
SSDEEP

196608:koyFcLu+zRYQOKrOg27h211U/OE09IqCh2b4CAounVQBWG:koO1Qdrz27h2QOE0OqI2bRB

Score

10^/10

discovery spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

2024-05-24_1e52bd3294a9e2917b12364903285695_ryuk.exe

Resource

win7-20240508-en

discovery spyware stealer

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-05-24_1e52bd3294a9e2917b12364903285695_ryuk.exe

Resource

win10v2004-20240426-en

discovery spyware stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-05-24_1e52bd3294a9e2917b12364903285695_ryuk
- Size
  
  14.4MB
- MD5
  
  1e52bd3294a9e2917b12364903285695
- SHA1
  
  faeaa16917726aa1c8a87b44e6c8b02feec7acd3
- SHA256
  
  9ebc6d33bedae10e7c2a1c4c39d69a7f470d826fdf55a91f88d946e7412372a2
- SHA512
  
  d9ebbb116e5c890d88baef3009cf61f5f9431e06cbf8c4967e712f58e9897124d04b3c032733eab4f137cc0ec289542d1ea27d5afe8f9e9490937bd20f1be2cc
- SSDEEP
  
  196608:koyFcLu+zRYQOKrOg27h211U/OE09IqCh2b4CAounVQBWG:koO1Qdrz27h2QOE0OqI2bRB
Score

9^/10

discovery spyware stealer
- Detects executables packed with Dotfuscator
- Detects executables packed with SmartAssembly
- Detects executables packed with Yano Obfuscator
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2025

Terms | Privacy