General
Target: 2024-05-26_9694a757610e36c089f6a67bfdb9b7bc_ryuk
Size: 202KB
Sample: 240526-b3hmssac4v
MD5: 9694a757610e36c089f6a67bfdb9b7bc
SHA1: 207d8312e9bcfffb4b8b3e616b23b9996d1ebb00
SHA256: 56831ca7d36b4c44b0730bc0fde49fd3fa4a626c04e90334022312f75fcebd95
SHA512: 49257d7ee75e423f0121a72fde0f7c3b8157985e841cb066b412d78cd107c6f7db6f745889523bc123958682a7e66518eaba7b7a6f11cfc0b521ac0478a5f728
SSDEEP: 1536:mGpouhuhkoWnR16e25SEhTMSj/kwgDmVKfY3wKEp8EgIbsW9d7B9dleMPQUlRH6:khkoa6ebEhoSNzVK0wKEpf19VMMoe6

Static task
static1

Behavioral task
behavioral1
Sample: 2024-05-26_9694a757610e36c089f6a67bfdb9b7bc_ryuk.exe
Resource: win7-20240508-en

Behavioral task
behavioral2
Sample: 2024-05-26_9694a757610e36c089f6a67bfdb9b7bc_ryuk.exe
Resource: win10v2004-20240426-en

Malware Config
Extracted
Ransom note: C:\RyukReadMe.txt
Family: ryuk
Contact emails:
SirkingDestro90@protonmail.com
RyeleeKuramoto90@protonmail.com

Targets
Target: 2024-05-26_9694a757610e36c089f6a67bfdb9b7bc_ryuk
Size: 202KB
MD5: 9694a757610e36c089f6a67bfdb9b7bc
SHA1: 207d8312e9bcfffb4b8b3e616b23b9996d1ebb00
SHA256: 56831ca7d36b4c44b0730bc0fde49fd3fa4a626c04e90334022312f75fcebd95
SHA512: 49257d7ee75e423f0121a72fde0f7c3b8157985e841cb066b412d78cd107c6f7db6f745889523bc123958682a7e66518eaba7b7a6f11cfc0b521ac0478a5f728
SSDEEP: 1536:mGpouhuhkoWnR16e25SEhTMSj/kwgDmVKfY3wKEp8EgIbsW9d7B9dleMPQUlRH6:khkoa6ebEhoSNzVK0wKEpf19VMMoe6
Score: 10/10

Signatures
- Detects command variations typically used by ransomware
- Renames multiple (2584) files with added filename extension
  Mass renaming that appends an extension to existing files is the file-system footprint of ransomware encrypting files across the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check before detonation.
- Drops desktop.ini file(s)
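The two strongest behavioural indicators in this report are the mass rename (2584 files gaining an appended extension) and the ransom-note drop at C:\RyukReadMe.txt. The following is an added detection example, not part of the sandbox report or of any vendor's engine: it runs the same logic over file-system rename and create events, grouping appended-extension renames by process and alerting when enough of them land inside a short window. The event record format, the process id 4242, the `.enc` extension, the thresholds and every sample path are constructed for the demonstration; the only value taken from the report is the ransom-note filename.

```python
"""Mass-rename and ransom-note detection over file-system events.
Added example: the RenameEvent format, pid 4242, the '.enc' extension and all
sample paths are constructed; RyukReadMe.txt is the note name from the report."""
import ntpath
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class RenameEvent:
    ts: datetime
    pid: int
    old_path: str
    new_path: str


def added_extension(old_path: str, new_path: str):
    """Return the suffix appended to the file name (e.g. '.enc') when new_path is
    old_path plus one extra extension in the same directory, otherwise None."""
    old_dir, old_name = ntpath.split(old_path)   # ntpath: these are Windows paths
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None                               # a move, not an in-place rename
    if not new_name.lower().startswith(old_name.lower()):
        return None                               # name changed, nothing appended
    suffix = new_name[len(old_name):]
    if len(suffix) < 2 or not suffix.startswith("."):
        return None                               # need at least '.x'
    return suffix.lower()


def detect_mass_rename(events, threshold=50, window=timedelta(seconds=60)):
    """Group appended-extension renames by (pid, extension) and alert when at
    least `threshold` of them fall inside any interval of length `window`."""
    per_key = defaultdict(list)
    for ev in events:
        ext = added_extension(ev.old_path, ev.new_path)
        if ext is not None:
            per_key[(ev.pid, ext)].append(ev.ts)

    alerts = []
    for (pid, ext), stamps in per_key.items():
        stamps.sort()
        start, peak = 0, 0
        for end in range(len(stamps)):           # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append({"pid": pid, "extension": ext, "count": peak})
    return alerts


def find_ransom_notes(created_paths, note_names=("RyukReadMe.txt",)):
    """Return created files whose base name matches a known ransom-note name."""
    wanted = {n.lower() for n in note_names}
    return [p for p in created_paths if ntpath.basename(p).lower() in wanted]


def build_sample_events():
    """Constructed events: 60 renames by pid 4242 appending '.enc' within 59 s,
    plus benign renames that must not trigger."""
    t0 = datetime(2024, 5, 26, 12, 0, 0)
    events = [
        RenameEvent(t0 + timedelta(seconds=i), 4242,
                    rf"C:\Users\victim\Documents\file{i:03d}.docx",
                    rf"C:\Users\victim\Documents\file{i:03d}.docx.enc")
        for i in range(60)
    ]
    events += [
        # benign: version rename, nothing appended
        RenameEvent(t0, 1000, r"C:\Users\victim\report.docx", r"C:\Users\victim\report_v2.docx"),
        # benign: one backup copy, far below threshold
        RenameEvent(t0, 1000, r"C:\Users\victim\notes.txt", r"C:\Users\victim\notes.txt.bak"),
        # benign: moved to another directory while gaining a suffix
        RenameEvent(t0, 1000, r"C:\tmp\a.txt", r"C:\done\a.txt.enc"),
    ]
    return events


SAMPLE_CREATED = [r"C:\RyukReadMe.txt", r"C:\Users\victim\desktop.ini"]  # constructed


if __name__ == "__main__":
    for a in detect_mass_rename(build_sample_events()):
        print(f"ALERT pid={a['pid']} appended {a['extension']} to {a['count']} files in 60 s")
    print("ransom notes:", find_ransom_notes(SAMPLE_CREATED))
```

Keying the count on (pid, extension) rather than on the extension alone keeps a backup job or an archiver from pushing an unrelated process over the threshold, and requiring the directory to be unchanged drops file moves that happen to gain a suffix. The threshold and window are tuning knobs: the sandbox counted 2584 renames for this sample, so a production value well below that still fires early in the encryption run.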