General
-
Target
2024-06-07_1e1a25da406899d94b32fed9f390c905_ryuk
-
Size
15.7MB
-
Sample
240607-bb5y1seg7v
-
MD5
1e1a25da406899d94b32fed9f390c905
-
SHA1
8bddeafe801194dbb9996912cf85ebe9ac4ec2fb
-
SHA256
c0e5618e2834c0eaa58b14426c0cb0dd619ad786a721d957983088ce7be50169
-
SHA512
6c2a45f40466e63c204f9c127fe026be58daea4dafb1c28c43a887218bd4252eb5f06c8169489ab4e6ef6221b63ff6e12a0144cbd2ba6c8c23a0f660a0876cb1
-
SSDEEP
393216:dnFIx2cyV+lh2pyCtM+/NcYtN3ZWSJ/ovTsYFaeI:N4yVcQpjtMwftN31JYaR
Behavioral task
behavioral1
Sample
2024-06-07_1e1a25da406899d94b32fed9f390c905_ryuk.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
2024-06-07_1e1a25da406899d94b32fed9f390c905_ryuk
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-