2024-06-07_7e7b733fe238df4ebba377f98f57c809_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-07_7e7b733fe238df4ebba377f98f57c809_ryuk
Size

4.0MB
MD5

7e7b733fe238df4ebba377f98f57c809
SHA1

f9fc68157d9adaf3ccbce03a84f39c61deb51095
SHA256

15e60913b60cd46339344da37e84703033f90f9c538f880a56679ba3478f2774
SHA512

39ead73c6d95597ae85c01007ec89c88ca277aed5e919aefd8fbbcb0eaae6bdb23d0995d5a6e3782c69067241529ea857ce543bfa4e895dbd8d4471b96ff3288
SSDEEP

49152:4RxIHilelNec3hZ4LyfE7KN4EkrjA5oqUkkQycW4gC4cHAxC6QAoXQiFEwwprB+f:yclNecROLyfoG4/24MNAoXQiK4Du

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-07_7e7b733fe238df4ebba377f98f57c809_ryuk

Files

2024-06-07_7e7b733fe238df4ebba377f98f57c809_ryuk
.exe windows:6 windows x64 arch:x64

03f33288735db1a2b8eebb81da9ce478

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFileInformationByHandle
RemoveDirectoryW
SetFilePointerEx
DeviceIoControl
GetModuleHandleW
MoveFileExW
GetLocaleInfoA
IsValidCodePage
IsDBCSLeadByteEx
EnumSystemLocalesA
FoldStringW
LCMapStringW
CompareStringW
GetDateFormatW
GetTimeFormatW
CreateFileMappingW
GetCurrencyFormatW
TlsAlloc
TlsFree
CreateEventW
TlsGetValue
SetLastError
InitializeCriticalSectionAndSpinCount
TlsSetValue
GetFileType
DeleteFiber
ConvertFiberToThread
GlobalMemoryStatus
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
FindFirstFileExW
SetStdHandle
GetTimeZoneInformation
CreateProcessW
GetExitCodeProcess
GetFileSizeEx
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetModuleFileNameW
SetConsoleTitleW
SetConsoleTextAttribute
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
GetStdHandle
Sleep
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
IsValidLocale
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineW
GetCommandLineA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
ExitThread
GetModuleHandleExW
ExitProcess
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExW
FreeLibraryAndExitThread
RaiseException
DecodePointer
CloseHandle
WaitForSingleObjectEx
GetCurrentThreadId
SetEvent
GetLocaleInfoW
CreateEventA
GetStringTypeW
GetCurrentProcess
GetCurrentThread
GetCPInfo
EncodePointer
IsDebuggerPresent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
CreateThread
GetThreadTimes

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

oleaut32

VariantClear

advapi32

CryptCreateHash
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
DeregisterEventSource
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam

ws2_32

WSAGetLastError
WSASetLastError
closesocket
WSACleanup
WSAStartup
recv
send

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertOpenStore
CertGetCertificateContextProperty

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03f33288735db1a2b8eebb81da9ce478

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

oleaut32

advapi32

ws2_32

crypt32

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 137KB - Virtual size: 161KB

.pdata Size: 146KB - Virtual size: 146KB

.tls Size: 512B - Virtual size: 21B

.gfids Size: 1KB - Virtual size: 1KB

.gxfg Size: 13KB - Virtual size: 12KB

.gehcont Size: 512B - Virtual size: 36B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 137KB - Virtual size: 161KB

.pdata
Size: 146KB - Virtual size: 146KB

.tls
Size: 512B - Virtual size: 21B

.gfids
Size: 1KB - Virtual size: 1KB

.gxfg
Size: 13KB - Virtual size: 12KB

.gehcont
Size: 512B - Virtual size: 36B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 32KB - Virtual size: 32KB