General
-
Target
2024-06-07_d9c82ff16ffac599e4503515398ff7c1_ryuk
-
Size
5.0MB
-
Sample
240607-cs2tcshb65
-
MD5
d9c82ff16ffac599e4503515398ff7c1
-
SHA1
c995921545a99fabff0d463df2d5198d7495ff59
-
SHA256
b725e1440f6a186fa016b16a2640ff88b85adc5c77895d42f516b95ec72013fe
-
SHA512
0b727b3661b36a086250aab294d817ff8d0a966fe4ddcf7d1e99fb4cfbbd536cae8a677ee70048121d419fe6fbf3d154c03f16681b914b825bff403c21f50297
-
SSDEEP
98304:YSM0mrHQktlw2Kce26t+JhVWn2xxjsLIzstgg3R3ujAgd3ycRNNENt:YSu3tlKXqXWnAGIz6gmuHZhN
Behavioral task
behavioral1
Sample
2024-06-07_d9c82ff16ffac599e4503515398ff7c1_ryuk.exe
Resource
win7-20240221-en
Malware Config
Targets
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-