2024-06-11_68de8b5123b3e7f228a58861544b313a_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-11_68de8b5123b3e7f228a58861544b313a_ryuk
Size

27.7MB
MD5

68de8b5123b3e7f228a58861544b313a
SHA1

1249a4a35a57d087bc52a84f74a6120448400db3
SHA256

d27f946ce9936e41b28dd9ffde478ffc046b18f7334677de7a45d8263c4bbd08
SHA512

9ea10be60828d213792f3c41e7bac0d6a1d164db6d62778bf7029c6d980375bbb8f11604340575a75f7f5d8de87be6040269d64c500dc6d9e01797a24f1f4740
SSDEEP

196608:E1/+qQP733IsV6XS6moi3A8PqGCecUj26XnD:mTQT3llJcUj26X

Score

10^/10

Malware Config

Signatures

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_References_Browsers

Detects executables Discord URL observed in first stage droppers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_DiscordURL

Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Detects executables containing possible sandbox system UUIDs 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxSystemUUIDs

Detects executables referencing virtualization MAC addresses 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_VM_Evasion_MACAddrComb

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-11_68de8b5123b3e7f228a58861544b313a_ryuk

Files

2024-06-11_68de8b5123b3e7f228a58861544b313a_ryuk
.exe windows:6 windows x64 arch:x64

b499f87c70bf2c50e6716e677628ca9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

python310

PyFrozenSet_Type
PyExc_UnicodeEncodeError
PyComplex_Type
_Py_EllipsisObject
PySlice_Type
PyExc_BlockingIOError
PyNumber_Positive
PyExc_KeyboardInterrupt
PySuper_Type
PyExc_WindowsError
PyExc_MemoryError
PyUnicode_AsUTF8
PyLong_AsLong
PyList_Size
PyList_SetSlice
PyDict_DelItemString
PyStatus_Exception
PyWideStringList_Append
PyConfig_SetString
PyConfig_SetArgv
_PyWarnings_Init
PyErr_SetInterrupt
Py_SetProgramName
Py_InitializeFromConfig
Py_ExitStatusException
PySys_SetArgv
_PyRuntime_Initialize
_PyConfig_InitCompatConfig
Py_DebugFlag
Py_VerboseFlag
Py_InteractiveFlag
Py_InspectFlag
Py_OptimizeFlag
Py_NoSiteFlag
Py_BytesWarningFlag
Py_FrozenFlag
Py_IgnoreEnvironmentFlag
Py_DontWriteBytecodeFlag
Py_NoUserSiteDirectory
Py_FileSystemDefaultEncoding
Py_HasFileSystemDefaultEncoding
Py_UTF8Mode
PyImport_FrozenModules
_Py_path_config
PyMem_Malloc
PyMem_Realloc
PyMem_GetAllocator
PyType_Ready
PyObject_Str
PyObject_RichCompare
PyObject_RichCompareBool
PyObject_SetAttrString
PyObject_GetAttr
PyObject_SelfIter
PyObject_GenericSetAttr
PyObject_IsTrue
PyCallable_Check
PyObject_ClearWeakRefs
PyObject_Realloc
PyObject_Free
PyObject_InitVar
_PyObject_New
_PyObject_GC_Resize
PyObject_GC_Del
PyByteArray_FromStringAndSize
PyBytes_FromString
PyBytes_AsString
_PyBytes_Resize
PyUnicode_FromStringAndSize
PyUnicode_FromEncodedObject
PyUnicode_FromFormat
PyUnicode_InternInPlace
PyUnicode_FromWideChar
PyUnicode_AsWideCharString
PyUnicode_FromOrdinal
PyUnicode_DecodeUTF8
PyUnicode_Concat
PyUnicode_FindChar
PyUnicode_RichCompare
PyUnicode_Format
PyUnicode_New
_PyUnicode_Ready
PyLong_AsLongAndOverflow
PyLong_FromLongLong
PyLong_FromUnsignedLongLong
PyLong_FromString
PyLong_FromUnicodeObject
_PyLong_New
_PyLong_Copy
PyFloat_FromString
PyFloat_FromDouble
PyComplex_FromDoubles
PyFrozenSet_New
PyTuple_Pack
PyList_New
PyList_SetItem
PyList_Sort
PyDict_New
PyDict_GetItem
PyDict_GetItemString
PyDict_SetItemString
_PySet_NextEntry
PyCMethod_New
PyModule_NewObject
PyModule_GetName
PyModule_GetFilenameObject
PyModule_GetDef
PyCode_NewWithPosOnlyArgs
PyObject_Call
PyObject_CallObject
PyObject_CallFunctionObjArgs
PyObject_CallMethodObjArgs
PyObject_GetIter
PyIter_Next
PyIter_Send
PyNumber_Add
PyNumber_Subtract
PyNumber_FloorDivide
PyNumber_Float
PyNumber_InPlaceAdd
PyNumber_InPlaceMultiply
PyNumber_InPlaceLshift
PyNumber_InPlaceOr
PyNumber_ToBase
PySequence_List
PySequence_InPlaceConcat
PyMapping_Check
PyMapping_Size
PyObject_LengthHint
PyObject_GetBuffer
PyBuffer_Release
_PyGen_FetchStopIterationValue
PyDescr_IsData
PyErr_WarnEx
PyErr_ExceptionMatches
PyException_SetCause
PyErr_BadArgument
PyErr_NoMemory
PyErr_SetFromErrno
PyOS_snprintf
_PyErr_FormatFromCause
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
_PyArg_NoKeywords
PyModule_ExecDef
PyModule_FromDefAndSpec2
PyErr_Print
Py_CompileStringExFlags
PyEval_GetFuncName
PyEval_RestoreThread
PySys_WriteStderr
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_GetModuleDict
PyImport_ImportModule
PyImport_ImportFrozenModule
_PyImport_FixupExtensionObject
PyEval_EvalCode
PyMarshal_ReadObjectFromString
_PyErr_NormalizeException
_PyByteArray_empty_string
PyDictKeys_Type
PyDictValues_Type
PyDictItems_Type
PySet_Type
PyModuleDef_Type
PyFunction_Type
PyMethod_Type
PyCode_Type
PyTraceBack_Type
PyEllipsis_Type
PyGen_Type
PyCoro_Type
PyAsyncGen_Type
_PyAsyncGenWrappedValue_Type
Py_GenericAliasType
PyExc_StopAsyncIteration
PyExc_UnboundLocalError
PyExc_ImportWarning
_Py_PackageContext
PyFrame_Type
PyExc_IOError
PyExc_EnvironmentError
PyExc_NameError
PyFilter_Type
PyBool_Type
PyExc_FileNotFoundError
PyExc_LookupError
PyDict_Update
_PyObject_FunctionStr
PyExc_ModuleNotFoundError
PyObject_Dir
PyFloat_Type
PyExc_UnicodeError
PyReversed_Type
PyNumber_Invert
PyExc_UnicodeDecodeError
PyExc_PermissionError
PyDict_Type
_Py_NotImplementedStruct
PySet_Contains
PyLong_FromVoidPtr
PySet_Add
PySet_New
PyMap_Type
PyProperty_Type
PyTuple_Type
PyObject_DelItem
PyObject_SetAttr
PyExc_EOFError
PyExc_Exception
PyExc_BaseException
PyExc_NotImplementedError
PyExc_SyntaxError
PyEnum_Type
PyUnicode_Join
PyByteArray_FromObject
PyObject_Repr
PyRange_Type
PyLong_Type
PyDict_DelItem
PyExc_ZeroDivisionError
PyExc_RuntimeError
PyExc_ImportError
PyBytes_Type
PyByteArray_Type
PyExc_GeneratorExit
PyObject_GetItem
PyMemoryView_Type
PySequence_Tuple
PyDict_MergeFromSeq2
PyDict_Merge
PyNumber_Negative
PyZip_Type
PyExc_OverflowError
PyExc_AssertionError
PyExc_StopIteration
PySeqIter_Type
PyEval_AcquireThread
PyEval_SaveThread
Py_MakePendingCalls
Py_Exit
PyErr_WriteUnraisable
PyObject_IsSubclass
PySequence_Check
_PyObject_GC_Malloc
PyExc_IndexError
PyList_Type
PyObject_SetItem
PyLong_FromSsize_t
PyNumber_Long
_PyDict_NewPresized
_PyRuntime
PyExc_ValueError
PyExc_KeyError
PyExc_OSError
PyModule_Type
PyUnicode_Type
PyErr_PrintEx
PyException_SetContext
PyException_GetContext
Py_GenericAlias
PySequence_Contains
PyNumber_AsSsize_t
PyModule_GetDict
PyDict_SetItem
PyUnicode_Find
PyUnicode_GetLength
PyUnicode_Substring
PyObject_GetAttrString
PyType_IsSubtype
PyExc_TypeError
PyExc_SystemError
PyExc_AttributeError
PyCFunction_Type
_Py_NoneStruct
PyBaseObject_Type
PyType_Type
PyErr_Format
PyObject_IsInstance
_PyType_Lookup
_Py_TrueStruct
_Py_FalseStruct
PySys_SetObject
PySys_GetObject
PyStructSequence_New
PyStructSequence_InitType
PyCapsule_New
PyLong_FromLong
PyUnicode_FromString
PyTuple_New

kernel32

EncodePointer
GetEnvironmentVariableA
RtlPcToFileHeader
WriteConsoleW
HeapReAlloc
HeapSize
RaiseException
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
GetFileType
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
GetStdHandle
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwindEx
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
FindResourceA
FormatMessageA
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetSystemTimeAsFileTime
GetCurrentProcessId
SetErrorMode
WriteFile
GetShortPathNameW
CreateFileW
SetEnvironmentVariableW
GetEnvironmentVariableW
SetDllDirectoryW
OpenProcess
CreateThread
ExitProcess
Sleep
WaitForSingleObject
GetLastError
CloseHandle
SetStdHandle

Sections

.text
Size: 19.0MB - Virtual size: 19.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b499f87c70bf2c50e6716e677628ca9a

Headers

DLL Characteristics

File Characteristics

Imports

python310

kernel32

Sections

.text Size: 19.0MB - Virtual size: 19.0MB

.rdata Size: 265KB - Virtual size: 264KB

.data Size: 42KB - Virtual size: 671KB

.pdata Size: 172KB - Virtual size: 171KB

.gfids Size: 512B - Virtual size: 200B

.gxfg Size: 6KB - Virtual size: 6KB

.gehcont Size: 512B - Virtual size: 16B

.rsrc Size: 8.2MB - Virtual size: 8.2MB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 19.0MB - Virtual size: 19.0MB

.rdata
Size: 265KB - Virtual size: 264KB

.data
Size: 42KB - Virtual size: 671KB

.pdata
Size: 172KB - Virtual size: 171KB

.gfids
Size: 512B - Virtual size: 200B

.gxfg
Size: 6KB - Virtual size: 6KB

.gehcont
Size: 512B - Virtual size: 16B

.rsrc
Size: 8.2MB - Virtual size: 8.2MB

.reloc
Size: 5KB - Virtual size: 5KB