General

  • Target

    2024-06-07_f5ad2d20073609c27cf89becb138f1f8_ponmocup_ryuk

  • Size

    8.6MB

  • Sample

    240607-c8dfpshe26

  • MD5

    f5ad2d20073609c27cf89becb138f1f8

  • SHA1

    a75b0e47cbd56fe04139337ffaedfe3ff6283702

  • SHA256

    a3426c7a33748f02dcb8b72a11f239547009de4d14e761bf17ab8bff116f093b

  • SHA512

    776591c80d73a31fa69afdf044e0ad30ec0fb98d07d6bf5880365829943191c53042f6a6b290875de8e4bc377dad297e2591d75d6146bf12b16bc42a45a7ce9e

  • SSDEEP

    196608:YSqBLUf443uWJysVYvsOgtdIQLOMIdiwkkTfEFjhep0hW:6U43WJvtaL/dvTsNcSQ

Score
7/10

Malware Config

Targets

    • Target

      2024-06-07_f5ad2d20073609c27cf89becb138f1f8_ponmocup_ryuk

    • Size

      8.6MB

    • MD5

      f5ad2d20073609c27cf89becb138f1f8

    • SHA1

      a75b0e47cbd56fe04139337ffaedfe3ff6283702

    • SHA256

      a3426c7a33748f02dcb8b72a11f239547009de4d14e761bf17ab8bff116f093b

    • SHA512

      776591c80d73a31fa69afdf044e0ad30ec0fb98d07d6bf5880365829943191c53042f6a6b290875de8e4bc377dad297e2591d75d6146bf12b16bc42a45a7ce9e

    • SSDEEP

      196608:YSqBLUf443uWJysVYvsOgtdIQLOMIdiwkkTfEFjhep0hW:6U43WJvtaL/dvTsNcSQ

    Score
    7/10
    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks