General
-
Target
2024-06-07_bb8f5375ab38d5e0137c45d48be7a958_ryuk
-
Size
6.9MB
-
Sample
240607-cl4dlsfh7x
-
MD5
bb8f5375ab38d5e0137c45d48be7a958
-
SHA1
cf7fe3dc24bef49df54c00c981ee64ba8b2f1414
-
SHA256
c216e8d6f67ab151ee8e9f4e534587ed9e62312f1a0b31315b026c9c69cbf674
-
SHA512
5799327d8756968ddd34da006e861eb6b9c4e4c71b6d86ee98051b30d789427c47d3c0830c969d3d6147cb37ee7114dd757829b3a504f7c8998739e4f663885c
-
SSDEEP
196608:YSTUf4QuWJysVYvsOgtdIQLOMIdiwkkT6FbGpQTh:PU41WJvtaL/dvT6BGat
Behavioral task
behavioral1
Sample
2024-06-07_bb8f5375ab38d5e0137c45d48be7a958_ryuk.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-06-07_bb8f5375ab38d5e0137c45d48be7a958_ryuk.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
2024-06-07_bb8f5375ab38d5e0137c45d48be7a958_ryuk
-
Score
7/10
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-