General
-
Target
2024-06-07_692f961835e3ef185240337bfb59e0f5_ryuk
-
Size
6.9MB
-
Sample
240607-bwwabafc4v
-
MD5
692f961835e3ef185240337bfb59e0f5
-
SHA1
daa54b9e9b058ef92714a65dd3b8b45ef449453d
-
SHA256
c62212a2235e0a756cba011c9bf0d96d87ee89fdcf954cf2a9939083a83f9c48
-
SHA512
eaf0f1250ab310d5ef100ced076d5cff6baaffea75184821ba442dae30672e8f80d9a3895f7ba283e64f08232c530974ce4e36c5f4449d72ab4ac9a3078d5a4c
-
SSDEEP
196608:YSDUf4VuWJysVYvsOgtdIQLOMIdiwkkT6Fb9pbS:/U4cWJvtaL/dvT6B9h
Behavioral task
behavioral1
Sample
2024-06-07_692f961835e3ef185240337bfb59e0f5_ryuk.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-06-07_692f961835e3ef185240337bfb59e0f5_ryuk.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
2024-06-07_692f961835e3ef185240337bfb59e0f5_ryuk
-
Score
7/10
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-