General
-
Target
2024-06-07_f5ad2d20073609c27cf89becb138f1f8_ponmocup_ryuk
-
Size
8.6MB
-
Sample
240607-c8dfpshe26
-
MD5
f5ad2d20073609c27cf89becb138f1f8
-
SHA1
a75b0e47cbd56fe04139337ffaedfe3ff6283702
-
SHA256
a3426c7a33748f02dcb8b72a11f239547009de4d14e761bf17ab8bff116f093b
-
SHA512
776591c80d73a31fa69afdf044e0ad30ec0fb98d07d6bf5880365829943191c53042f6a6b290875de8e4bc377dad297e2591d75d6146bf12b16bc42a45a7ce9e
-
SSDEEP
196608:YSqBLUf443uWJysVYvsOgtdIQLOMIdiwkkTfEFjhep0hW:6U43WJvtaL/dvTsNcSQ
Behavioral task
behavioral1
Sample
2024-06-07_f5ad2d20073609c27cf89becb138f1f8_ponmocup_ryuk.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-06-07_f5ad2d20073609c27cf89becb138f1f8_ponmocup_ryuk.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
Target
2024-06-07_f5ad2d20073609c27cf89becb138f1f8_ponmocup_ryuk
Score
7/10
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-