General
-
Target
2024-06-11_1c7f9f6ab3eb20e3707f6966e2bd532a_ryuk
-
Size
664KB
-
Sample
240611-mtzeqstglc
-
MD5
1c7f9f6ab3eb20e3707f6966e2bd532a
-
SHA1
232c924137cd0c7110c25b052c8b459d1e714ca2
-
SHA256
d78f85ffd6c6b64c5fb2b25a98d5956c0cff3d09f6940cc6547e6decd6b99dcd
-
SHA512
d4c87845e9e1fdb395531501533786229dc8bb8da84c4e1a8830d56f02d9dde8cc6d836a22981f6edb8829ef542a37306b6d0b7a73e2af010d1c07ce702902b4
-
SSDEEP
12288:ds9bgSyWSoCU5qJSr1eD0Uv04tTkqFAgg+AvHUzTshNTZn+Pyf7/ul:mgsSoCU5qJSr1eD0cNkqFAgg+ieTyTVI
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-11_1c7f9f6ab3eb20e3707f6966e2bd532a_ryuk.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2024-06-11_1c7f9f6ab3eb20e3707f6966e2bd532a_ryuk.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
2024-06-11_1c7f9f6ab3eb20e3707f6966e2bd532a_ryuk
-
Size
664KB
-
MD5
1c7f9f6ab3eb20e3707f6966e2bd532a
-
SHA1
232c924137cd0c7110c25b052c8b459d1e714ca2
-
SHA256
d78f85ffd6c6b64c5fb2b25a98d5956c0cff3d09f6940cc6547e6decd6b99dcd
-
SHA512
d4c87845e9e1fdb395531501533786229dc8bb8da84c4e1a8830d56f02d9dde8cc6d836a22981f6edb8829ef542a37306b6d0b7a73e2af010d1c07ce702902b4
-
SSDEEP
12288:ds9bgSyWSoCU5qJSr1eD0Uv04tTkqFAgg+AvHUzTshNTZn+Pyf7/ul:mgsSoCU5qJSr1eD0cNkqFAgg+ieTyTVI
Score10/10-
Renames multiple (1946) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-