General
-
Target
2024-05-26_1f4b9fdf5c71893e3379cd3f903765fe_cobalt-strike_ryuk
-
Size
960KB
-
Sample
240526-b75ywsbb94
-
MD5
1f4b9fdf5c71893e3379cd3f903765fe
-
SHA1
9196acb54531f32f0094fea5ca23ad63d44c24fc
-
SHA256
53f31f8434c996d2ebb17306377efbaa2644dc0a8254e9fad0e032373cc61812
-
SHA512
3809e41e107392e1c7d0bf93f4dce4834f6390a6063c50880995ffaad0fa0e5a67e3c9b3a66e119b657de464b16c9adbe65fda81f986e938fc058b93ac543097
-
SSDEEP
12288:fvgHx5kbV4kGgqogdKvxn+ImytCh2Cq/B7H7ab3NQEHWv3s8WWFVdbIIIIIIIIIT:fIDCV4kGgq2+9miqJ7mb3ZHER+d
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-26_1f4b9fdf5c71893e3379cd3f903765fe_cobalt-strike_ryuk.exe
Resource
win7-20240508-en
Malware Config
Extracted
asyncrat
2.0.0
Default
www.speow2.net:65503
5D92ABD8732AC4E9738604E9872D9A2C
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
2024-05-26_1f4b9fdf5c71893e3379cd3f903765fe_cobalt-strike_ryuk
-
Async RAT payload
-
Detects executables attempting to enumerate video devices using WMI
-
Detects executables containing the string DcRatBy
-