2024-06-15_4b77fdba110022744c87619de5fc4dd5_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-15_4b77fdba110022744c87619de5fc4dd5_ryuk
Size

475KB
MD5

4b77fdba110022744c87619de5fc4dd5
SHA1

222c2d9fb944a64c19e460a70181d3b9c41b8d25
SHA256

090b5f309043828422dc4c7069a8f3e2a29d25b14752f056f433a826f1a1ec9e
SHA512

9167f600f654238adabb3195ef5a1bc315749989d5ccf871768bc3269c18557db7d8741d33ad846dc54487ee42211dc538861e39a6e1656e95c53156c5efa2e8
SSDEEP

6144:pdH2uvi5gSGN9TZ1+AD2RW7rvM58XjcibLLN+FvKZEh7WbH6/1xxzMPBmb4pZohN:pdH2uviSpZWRcw52LhS1edoo8uOL

Score

1^/10

Malware Config

Signatures

Files

2024-06-15_4b77fdba110022744c87619de5fc4dd5_ryuk
.exe windows:6 windows x64 arch:x64

21743ba021d82f164ce7072bc43336e9

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:b9:ac:10:1f:23:7f:f1:db:b0:7e:d7
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

24/04/2023, 17:36

Not After

19/04/2026, 17:16

Subject

CN=TOTVS S.A.,O=TOTVS S.A.,L=Sao Paulo,ST=Sao Paulo,C=BR,1.2.840.113549.1.9.1=#0c1774692e736567696e666f40746f7476732e636f6d2e6272

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7f:d0:33:dc:47:ff:56:ff:20:92:34:98:5b:3e:64:fe:64:72:15:b4:31:53:1a:1c:15:74:f6:57:48:54:cd:5a
Signer

Actual PE Digest

7f:d0:33:dc:47:ff:56:ff:20:92:34:98:5b:3e:64:fe:64:72:15:b4:31:53:1a:1c:15:74:f6:57:48:54:cd:5a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
GetCurrentThreadId
VerSetConditionMask
DebugBreak
VerifyVersionInfoW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WriteFile
ReadFile
SetFilePointer
FindClose
GetFileTime
CloseHandle
GetCommState
GetCommTimeouts
SetCommState
SetCommTimeouts
GetTempPathA
GetTempFileNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetDiskFreeSpaceA
CreateFileA
SetFileAttributesA
GetFileAttributesA
DeleteFileA
FindFirstFileA
FindNextFileA
CopyFileA
MoveFileA
GetVolumeInformationA
GetProfileIntA
GetProfileStringA
WriteProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
LoadLibraryExW
GetDriveTypeW
GetFullPathNameA
GetTimeZoneInformation
SetStdHandle
GetFileType
SetFileTime
TzSpecificLocalTimeToSystemTime
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
CreateFileW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEndOfFile
ReadConsoleW
WriteConsoleW
HeapSize

Sections

.text
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21743ba021d82f164ce7072bc43336e9

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

33:b9:ac:10:1f:23:7f:f1:db:b0:7e:d7Certificate

Extended Key Usages

Key Usages

7f:d0:33:dc:47:ff:56:ff:20:92:34:98:5b:3e:64:fe:64:72:15:b4:31:53:1a:1c:15:74:f6:57:48:54:cd:5aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 269KB - Virtual size: 268KB

.rdata Size: 167KB - Virtual size: 166KB

.data Size: 7KB - Virtual size: 14KB

.pdata Size: 14KB - Virtual size: 14KB

.tls Size: 512B - Virtual size: 45B

.gfids Size: 1024B - Virtual size: 568B

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 4KB - Virtual size: 3KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

33:b9:ac:10:1f:23:7f:f1:db:b0:7e:d7
Certificate

7f:d0:33:dc:47:ff:56:ff:20:92:34:98:5b:3e:64:fe:64:72:15:b4:31:53:1a:1c:15:74:f6:57:48:54:cd:5a
Signer

.text
Size: 269KB - Virtual size: 268KB

.rdata
Size: 167KB - Virtual size: 166KB

.data
Size: 7KB - Virtual size: 14KB

.pdata
Size: 14KB - Virtual size: 14KB

.tls
Size: 512B - Virtual size: 45B

.gfids
Size: 1024B - Virtual size: 568B

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 4KB - Virtual size: 3KB