General

  • Target

    2024-06-07_d9c82ff16ffac599e4503515398ff7c1_ryuk

  • Size

    5.0MB

  • Sample

    240607-cs2tcshb65

  • MD5

    d9c82ff16ffac599e4503515398ff7c1

  • SHA1

    c995921545a99fabff0d463df2d5198d7495ff59

  • SHA256

    b725e1440f6a186fa016b16a2640ff88b85adc5c77895d42f516b95ec72013fe

  • SHA512

    0b727b3661b36a086250aab294d817ff8d0a966fe4ddcf7d1e99fb4cfbbd536cae8a677ee70048121d419fe6fbf3d154c03f16681b914b825bff403c21f50297

  • SSDEEP

    98304:YSM0mrHQktlw2Kce26t+JhVWn2xxjsLIzstgg3R3ujAgd3ycRNNENt:YSu3tlKXqXWnAGIz6gmuHZhN

Malware Config

Targets

    Score
    7/10
    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks