General

  • Target

    2024-06-07_1e1a25da406899d94b32fed9f390c905_ryuk

  • Size

    15.7MB

  • Sample

    240607-bb5y1seg7v

  • MD5

    1e1a25da406899d94b32fed9f390c905

  • SHA1

    8bddeafe801194dbb9996912cf85ebe9ac4ec2fb

  • SHA256

    c0e5618e2834c0eaa58b14426c0cb0dd619ad786a721d957983088ce7be50169

  • SHA512

    6c2a45f40466e63c204f9c127fe026be58daea4dafb1c28c43a887218bd4252eb5f06c8169489ab4e6ef6221b63ff6e12a0144cbd2ba6c8c23a0f660a0876cb1

  • SSDEEP

    393216:dnFIx2cyV+lh2pyCtM+/NcYtN3ZWSJ/ovTsYFaeI:N4yVcQpjtMwftN31JYaR

Malware Config

Targets

    • Target

      2024-06-07_1e1a25da406899d94b32fed9f390c905_ryuk

    Score
    7/10
    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks