General

  • Target

    2024-05-29_403247abe5f84db7044e99579e3ec0e2_ryuk

  • Size

    11.8MB

  • MD5

    403247abe5f84db7044e99579e3ec0e2

  • SHA1

    382f3feccc7058b8e67ea2bed7e5011004757d5a

  • SHA256

    7527e05673a1fd3ac071182e9ea54996e6040edde3ff27c6ba7060295e7a5fa1

  • SHA512

    849bb5f228dcd0bb162eca526bb9002632513b16464b1bc41f5823c27fb8202e4f85f71b39ca4bb766d03a11b5e31cc6f6a5466f93ed1a6e01ce4d2d6f9279bc

  • SSDEEP

    98304:U5K6+qaAWh6dKOQDRfCZUzW9L4Tznd7QStqS1MSFP7XU66d:OSn5EQDRfCZUi94ndcnoMSx7XUV

Score
10/10

Malware Config

Signatures

  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs
  • Detects executables containing possible sandbox analysis VM usernames 1 IoCs

Files

  • 2024-05-29_403247abe5f84db7044e99579e3ec0e2_ryuk
    .exe windows:6 windows x64 arch:x64

    9577658005f8f9b1c866d3830bffed67


    Code Sign

    Headers

    Imports

    Exports

    Sections