2024-06-15_c83ba8b2c816f43f10ded1e019b3d44b_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-15_c83ba8b2c816f43f10ded1e019b3d44b_ryuk
Size

4.6MB
MD5

c83ba8b2c816f43f10ded1e019b3d44b
SHA1

7706ca4a233db417f07d812f0423266428919e7e
SHA256

98303b86d628cda2ab070280b9a0bf736d3f63c0d5cc1df0f9fc1b653dc8b269
SHA512

866e4c519c6c28b61174fdb8af777a38e5d8b40d953cabc1c3605c4384e7d2e2502c1cefa3a6349b317eb65d44ecace313306a5616b7f7f2496843efdf92ff6d
SSDEEP

49152:zjbE14U8M1SezY4+Cgl3svRNWTj3xjeleBnD9cMszq10gkOmjk//mhkmEPL34wqo:r9qoergzmFuOQ/mhkTPS0wghD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-15_c83ba8b2c816f43f10ded1e019b3d44b_ryuk

Files

2024-06-15_c83ba8b2c816f43f10ded1e019b3d44b_ryuk
.exe windows:5 windows x64 arch:x64

ba0fda19a0e8770dfb679fc64bea65fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

R:\depot_tools\src\out\Custom_x64\initialexe\chrome.exe.pdb

Imports

chrome_elf

SignalInitializeCrashReporting
GetInstallDetailsPayload
SignalChromeElf

advapi32

RegDisablePredefinedCache
GetSecurityInfo
SetEntriesInAclW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
GetTokenInformation
ConvertSidToStringSidW
OpenProcessToken
SystemFunction036
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorSacl
SetKernelObjectSecurity
SetTokenInformation
SetSecurityInfo
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
ImpersonateNamedPipeClient
CopySid
CreateWellKnownSid
CreateRestrictedToken
DuplicateToken
DuplicateTokenEx
EqualSid
LookupPrivilegeValueW
CreateProcessAsUserW
SetThreadToken

gdi32

GetTextFaceW
EnumFontFamiliesExW
CreateCompatibleDC
SelectObject
GetFontUnicodeRanges
AddFontMemResourceEx
SetBkMode
SetTextColor
SetGraphicsMode
CreateDIBSection
ExtTextOutW
SetTextAlign
GetOutlineTextMetricsW
CreateFontIndirectW
RemoveFontMemResourceEx
DeleteObject
GetGlyphOutlineW
GetCharABCWidthsW
GetGlyphIndicesW
GetTextExtentPointI
GetFontData
DeleteDC
GetTextMetricsW
SetWorldTransform
GdiFlush

kernel32

FindNextFileW
FindClose
UnmapViewOfFile
GetFileInformationByHandle
CreateFileMappingW
MapViewOfFile
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
ReleaseSRWLockExclusive
WriteFile
ExpandEnvironmentStringsW
CreateFileW
SetEndOfFile
DeleteFileW
MoveFileW
GetSystemDirectoryW
GetComputerNameExW
HeapCreate
HeapDestroy
GetLocalTime
GetCurrentDirectoryW
GetCurrentProcessId
GetTickCount
SetThreadPriority
QueryThreadCycleTime
Sleep
FileTimeToSystemTime
GetCurrentThread
QueryPerformanceFrequency
GetThreadPriority
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommandLineW
GetModuleHandleW
GetVersionExW
TerminateProcess
OpenProcess
GetExitCodeProcess
SetFilePointerEx
FlushFileBuffers
RaiseException
HeapSetInformation
GetThreadId
IsDebuggerPresent
lstrlenW
VirtualQuery
AcquireSRWLockExclusive
LocalFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
RegisterWaitForSingleObject
UnregisterWaitEx
CreateDirectoryW
QueryDosDeviceW
GetLongPathNameW
RemoveDirectoryW
GetTempPathW
GetFileAttributesW
SetFileAttributesW
ReplaceFileW
ResetEvent
FindFirstFileExW
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetWindowsDirectoryW
GetUserDefaultLangID
GetProcessTimes
GetModuleHandleExW
GetSystemInfo
VirtualQueryEx
LoadLibraryW
FlushViewOfFile
WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
GetFileSizeEx
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
FreeLibrary
DecodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateProcessW
InitOnceExecuteOnce
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
RtlVirtualUnwind
OutputDebugStringW
LockFileEx
UnlockFileEx
SetConsoleCtrlHandler
TerminateJobObject
GetUserDefaultLCID
WriteProcessMemory
AssignProcessToJobObject
GetFileType
SetHandleInformation
ProcessIdToSessionId
GetProcessHeaps
SignalObjectAndWait
CreateMutexW
VirtualProtectEx
QueryFullProcessImageNameW
VirtualAllocEx
VirtualFreeEx
CreateJobObjectW
CreateNamedPipeW
CreateRemoteThread
ReadProcessMemory
DebugBreak
SearchPathW
VirtualProtect
LoadLibraryExA
GetThreadContext
SuspendThread
SleepEx
GetVersion
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
IsWow64Process
GetFileInformationByHandleEx
DisconnectNamedPipe
ConnectNamedPipe
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
WriteConsoleW
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
GetStdHandle
ReadConsoleW
GetFullPathNameW
GetConsoleMode
GetConsoleCP
SetStdHandle
GetACP
PeekNamedPipe
GetDriveTypeW
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetStringTypeW
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
CreateThread
ReadFile
FormatMessageA
SetEvent
ResumeThread
CreateSemaphoreW
CloseHandle
ReleaseSemaphore
GetNativeSystemInfo
WideCharToMultiByte
MultiByteToWideChar
VirtualFree
VirtualAlloc
LoadLibraryExW
SetProcessShutdownParameters
SetCurrentDirectoryW
GetProcessId
GetCurrentProcess
WaitForSingleObject
DuplicateHandle
GetCurrentThreadId
CreateEventW
SetLastError
GetLastError
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
TlsFree
Wow64GetThreadContext
GetThreadLocale
GetSystemDefaultLCID
SetInformationJobObject
GetProcessHandleCount

psapi

GetProcessMemoryInfo
GetMappedFileNameW
GetPerformanceInfo

shell32

CommandLineToArgvW
SHGetKnownFolderPath
SHGetFolderPathW

shlwapi

PathMatchSpecW

user32

GetMessageW
RegisterClassW
wsprintfW
GetWindowThreadProcessId
AllowSetForegroundWindow
IsWindow
SendMessageTimeoutW
SystemParametersInfoW
TranslateMessage
GetWindowLongPtrW
DefWindowProcW
FindWindowExW
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
GetUserObjectInformationW
GetProcessWindowStation
SetProcessWindowStation
CreateWindowStationW
GetThreadDesktop
CreateDesktopW
CloseWindowStation
CloseDesktop
DispatchMessageW
PostMessageW
UnregisterClassW

usp10

ScriptItemize
ScriptFreeCache
ScriptShape

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime

winhttp

WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpOpenRequest

Exports

Exports

GetHandleVerifier
IsSandboxedProcess

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_text32
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 610KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba0fda19a0e8770dfb679fc64bea65fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

chrome_elf

advapi32

gdi32

kernel32

psapi

shell32

shlwapi

user32

usp10

version

winmm

winhttp

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

_text32 Size: 132KB - Virtual size: 132KB

.rdata Size: 610KB - Virtual size: 610KB

.data Size: 16KB - Virtual size: 54KB

.pdata Size: 189KB - Virtual size: 188KB

.didat Size: 512B - Virtual size: 72B

.tls Size: 512B - Virtual size: 29B

CPADinfo Size: 512B - Virtual size: 48B

_RDATA Size: 32KB - Virtual size: 32KB

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 3.5MB - Virtual size: 3.5MB

_text32
Size: 132KB - Virtual size: 132KB

.rdata
Size: 610KB - Virtual size: 610KB

.data
Size: 16KB - Virtual size: 54KB

.pdata
Size: 189KB - Virtual size: 188KB

.didat
Size: 512B - Virtual size: 72B

.tls
Size: 512B - Virtual size: 29B

CPADinfo
Size: 512B - Virtual size: 48B

_RDATA
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 20KB - Virtual size: 19KB