2024-06-16_b339e58ed06ae786c996dffe66bf2b9a_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-16_b339e58ed06ae786c996dffe66bf2b9a_ryuk
Size

8.7MB
MD5

b339e58ed06ae786c996dffe66bf2b9a
SHA1

27ad11e920138a388c1c12d78d2bbbc8fc5b47fb
SHA256

67b77fdcbf81be29572a96c461944fa3787801660a7494c295b0c1c72ad72169
SHA512

09892276c4ab2d7647df84773bf2d8dbaf63a314afbd029bbf09c047c0fb71106833f6519c9e5d26efb574356d6566f0f73b11ffc176596c75bf89f71f408a64
SSDEEP

98304:kj9wuF8TKxriGw0/D156B6eHcbQJQsBd3abc9mlJyrNF:69wuF8TKxr7w0LyQeHeQXEGF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-16_b339e58ed06ae786c996dffe66bf2b9a_ryuk

Files

2024-06-16_b339e58ed06ae786c996dffe66bf2b9a_ryuk
.exe windows:6 windows x64 arch:x64

0180d15761d5e3ebfe82c0db01ce0f25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\bamboo-agent-home\xml-data\build-dir\Drivers\Hardy\Development\HAR-1191\Product\Bin\w2012r2\vs2015\release64mt\DriverConfiguration64.pdb

Imports

sbicuuc58_64

ucnv_open_58
??0UnicodeString@sbicu_58@@QEAA@XZ
?extract@UnicodeString@sbicu_58@@QEBAHPEADHPEAUUConverter@@AEAW4UErrorCode@@@Z
ucnv_getDefaultName_58
ucnv_getAlias_58
ucnv_countAliases_58
ucnv_convert_58
u_strlen_58
??_7ErrorCode@sbicu_58@@6B@
?hasMetaData@UnicodeString@sbicu_58@@UEBACXZ
?handleReplaceBetween@UnicodeString@sbicu_58@@UEAAXHHAEBV12@@Z
?getLength@UnicodeString@sbicu_58@@MEBAHXZ
?getDynamicClassID@UnicodeString@sbicu_58@@UEBAPEAXXZ
?getCharAt@UnicodeString@sbicu_58@@MEBA_WH@Z
?getChar32At@UnicodeString@sbicu_58@@MEBAHH@Z
?extractBetween@UnicodeString@sbicu_58@@UEBAXHHAEAV12@@Z
?copy@UnicodeString@sbicu_58@@UEAAXHHH@Z
?clone@UnicodeString@sbicu_58@@UEBAPEAVReplaceable@2@XZ
ucnv_close_58
ucnv_reset_58
ucnv_fromUnicode_58
?get@ErrorCode@sbicu_58@@QEBA?AW4UErrorCode@@XZ
??0UnicodeString@sbicu_58@@QEAA@PEBDHPEAUUConverter@@AEAW4UErrorCode@@@Z
ucnv_fromUChars_58
ucnv_toUnicode_58
u_isWhitespace_58
u_isalnum_58
u_isalpha_58
u_isdigit_58
?getDefault@Locale@sbicu_58@@SAAEBV12@XZ
?getUS@Locale@sbicu_58@@SAAEBV12@XZ
??Hsbicu_58@@YA?AVUnicodeString@0@AEBV10@0@Z
?getArrayStart@UnicodeString@sbicu_58@@AEBAPEB_WXZ
?doReplace@UnicodeString@sbicu_58@@AEAAAEAV12@HHPEB_WHH@Z
?doReplace@UnicodeString@sbicu_58@@AEAAAEAV12@HHAEBV12@HH@Z
?doCharAt@UnicodeString@sbicu_58@@AEBA_WH@Z
?doCaseCompare@UnicodeString@sbicu_58@@AEBACHHAEBV12@HHI@Z
?doCompare@UnicodeString@sbicu_58@@AEBACHHAEBV12@HH@Z
??1UnicodeString@sbicu_58@@UEAA@XZ
??0UnicodeString@sbicu_58@@QEAA@AEBV01@HH@Z
??0UnicodeString@sbicu_58@@QEAA@AEBV01@H@Z
??0UnicodeString@sbicu_58@@QEAA@$$QEAV01@@Z
??0UnicodeString@sbicu_58@@QEAA@AEBV01@@Z
??0UnicodeString@sbicu_58@@QEAA@PEBDH0@Z
??0UnicodeString@sbicu_58@@QEAA@HHH@Z
?getBuffer@UnicodeString@sbicu_58@@QEBAPEB_WXZ
?releaseBuffer@UnicodeString@sbicu_58@@QEAAXH@Z
?getBuffer@UnicodeString@sbicu_58@@QEAAPEA_WH@Z
?foldCase@UnicodeString@sbicu_58@@QEAAAEAV12@I@Z
?toLower@UnicodeString@sbicu_58@@QEAAAEAV12@AEBVLocale@2@@Z
?toUpper@UnicodeString@sbicu_58@@QEAAAEAV12@AEBVLocale@2@@Z
?trim@UnicodeString@sbicu_58@@QEAAAEAV12@XZ
?truncate@UnicodeString@sbicu_58@@QEAACH@Z
?padTrailing@UnicodeString@sbicu_58@@QEAACH_W@Z
?remove@UnicodeString@sbicu_58@@QEAAAEAV12@XZ
?findAndReplace@UnicodeString@sbicu_58@@QEAAAEAV12@AEBV12@0@Z
??YUnicodeString@sbicu_58@@QEAAAEAV01@AEBV01@@Z
??4UnicodeString@sbicu_58@@QEAAAEAV01@$$QEAV01@@Z
??4UnicodeString@sbicu_58@@QEAAAEAV01@AEBV01@@Z
?countChar32@UnicodeString@sbicu_58@@QEBAHHH@Z
?length@UnicodeString@sbicu_58@@QEBAHXZ
?tempSubString@UnicodeString@sbicu_58@@QEBA?AV12@HH@Z
?extract@UnicodeString@sbicu_58@@QEBAHHHPEADIPEBD@Z
?moveIndex32@UnicodeString@sbicu_58@@QEBAHHH@Z
?char32At@UnicodeString@sbicu_58@@QEBAHH@Z
?lastIndexOf@UnicodeString@sbicu_58@@QEBAHAEBV12@H@Z
?indexOf@UnicodeString@sbicu_58@@QEBAHHH@Z
?indexOf@UnicodeString@sbicu_58@@QEBAHAEBV12@H@Z
?startsWith@UnicodeString@sbicu_58@@QEBACAEBV12@@Z
?caseCompare@UnicodeString@sbicu_58@@QEBACAEBV12@I@Z
?compare@UnicodeString@sbicu_58@@QEBACAEBV12@@Z
??8UnicodeString@sbicu_58@@QEBACAEBV01@@Z
??0ErrorCode@sbicu_58@@QEAA@AEBV01@@Z
?errorName@ErrorCode@sbicu_58@@QEBAPEBDXZ
?reset@ErrorCode@sbicu_58@@QEAA?AW4UErrorCode@@XZ
??1ErrorCode@sbicu_58@@UEAA@XZ
??3UMemory@sbicu_58@@SAXPEAX@Z
??2UMemory@sbicu_58@@SAPEAX_K@Z

sbicuin58_64

?find@RegexMatcher@sbicu_58@@UEAAC_JAEAW4UErrorCode@@@Z
??1RegexMatcher@sbicu_58@@UEAA@XZ
?start@RegexMatcher@sbicu_58@@UEBAHAEAW4UErrorCode@@@Z
??0RegexMatcher@sbicu_58@@QEAA@AEBVUnicodeString@1@IAEAW4UErrorCode@@@Z
?end@RegexMatcher@sbicu_58@@UEBAHAEAW4UErrorCode@@@Z
?reset@RegexMatcher@sbicu_58@@UEAAAEAV12@AEBVUnicodeString@2@@Z
?replaceAll@RegexMatcher@sbicu_58@@UEAA?AVUnicodeString@2@AEBV32@AEAW4UErrorCode@@@Z
?replaceFirst@RegexMatcher@sbicu_58@@UEAA?AVUnicodeString@2@AEBV32@AEAW4UErrorCode@@@Z

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
GetCurrentThread
GetACP
WriteFile
GetStdHandle
GetModuleFileNameA
MoveFileExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
ReadFile
SetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
ExitProcess
CreateProcessW
CreateProcessA
GetTimeZoneInformation
InterlockedFlushSList
InterlockedPushEntrySList
FlushFileBuffers
RtlPcToFileHeader
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
CreateEventW
InitializeCriticalSectionAndSpinCount
EncodePointer
WideCharToMultiByte
LoadLibraryExW
GetConsoleCP
RtlUnwindEx
GetConsoleMode
ReadConsoleW
GetExitCodeProcess
DecodePointer
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
FormatMessageW
LocalFree
GetModuleFileNameW
GetSystemTimeAsFileTime
QueryPerformanceFrequency
RtlCaptureStackBackTrace
LockFile
UnlockFile
CloseHandle
SetLastError
InitializeCriticalSection
GetCurrentProcess
CreateToolhelp32Snapshot
Module32First
Module32Next
TerminateProcess
GetSystemDirectoryW
GetTempPathW
GetHandleInformation
GetModuleHandleW
LockFileEx
UnlockFileEx
CreateFileW
DeleteFileW
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
DuplicateHandle
GetFileInformationByHandleEx
FindClose
FindFirstFileExW
FindNextFileW
WaitForSingleObject
GetModuleHandleExA
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
CreateDirectoryW
GetFileAttributesW
FreeLibrary
GetModuleHandleExW
GetProcAddress
LoadLibraryW
GetFileAttributesExW
CreatePipe
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringA
WriteConsoleW

user32

EnableWindow
SendDlgItemMessageW
IsDlgButtonChecked
CheckDlgButton
GetDlgItemInt
SetPropW
GetDlgItem
EndDialog
ShowWindow
GetDlgItemTextW
SetDlgItemTextW
DialogBoxParamW
GetPropW
MessageBoxW
UnregisterClassW
SendMessageW
SetWindowPos
CheckRadioButton
GetSystemMetrics
IsWindowEnabled
LoadCursorW
SetCursor
LoadImageW
GetParent
GetDesktopWindow
GetWindowRect
GetWindowTextLengthW
MoveWindow
LoadStringW
GetClientRect
SetDlgItemInt
SetWindowTextW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumValueW
RegEnumKeyW
RegCloseKey
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
EventRegister
EventUnregister
EventProviderEnabled
EventWrite
GetUserNameW
RegQueryInfoKeyW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetFolderPathW
SHBrowseForFolderW

shlwapi

PathIsRelativeW
PathIsDirectoryW

secur32

AcceptSecurityContext
RevertSecurityContext
ImpersonateSecurityContext
DeleteSecurityContext
FreeContextBuffer
QueryContextAttributesW
TranslateNameW
AcquireCredentialsHandleA
CompleteAuthToken
QueryCredentialsAttributesW
InitializeSecurityContextW
FreeCredentialsHandle

crypt32

CryptUnprotectData
CryptProtectData

libcrypto-1_1-x64

BIO_ctrl
OpenSSL_version
EVP_CIPHER_CTX_new
EVP_aes_256_cbc
BIO_new
CRYPTO_get_ex_new_index
X509_verify_cert_error_string
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_reset
DES_fcrypt
EVP_EncryptUpdate
BIO_new_mem_buf
ERR_clear_error
EVP_EncryptFinal_ex
HMAC_CTX_new
ERR_error_string_n
EVP_sha1
BIO_write
HMAC_Update
MD5
RAND_bytes
BIO_free_all
BIO_s_mem
EVP_DecryptInit_ex
HMAC_Init_ex
EVP_sha256
EVP_EncryptInit_ex
HMAC_CTX_free
BIO_set_flags
SHA1
ERR_get_error
BIO_read
EVP_DecryptFinal_ex
BIO_f_base64
BIO_push
EVP_BytesToKey
EVP_DecryptUpdate
HMAC_Final

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0180d15761d5e3ebfe82c0db01ce0f25

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sbicuuc58_64

sbicuin58_64

kernel32

user32

comdlg32

advapi32

shell32

shlwapi

secur32

crypt32

libcrypto-1_1-x64

Sections

.text Size: 6.1MB - Virtual size: 6.1MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 36KB - Virtual size: 100KB

.pdata Size: 412KB - Virtual size: 411KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 6.1MB - Virtual size: 6.1MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 36KB - Virtual size: 100KB

.pdata
Size: 412KB - Virtual size: 411KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 33KB - Virtual size: 33KB