2024-06-20_0a5f76e32c56115ca03796887baa913f_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-20_0a5f76e32c56115ca03796887baa913f_ryuk
Size

1.7MB
MD5

0a5f76e32c56115ca03796887baa913f
SHA1

e4fbd27a68baebfcc52a1286232fa6b75fe4bbbc
SHA256

0b8a6db54eb97beadec77804539823ee4f5a1c3476ce1eb66adb9bf23991f8e4
SHA512

4791c3ff9f52a9374c6a86566e147f1175b63f91db7989b834f2d623c058fba973f6039bf2921eea35678bbdf847c6939157732de34af42ab01dc8e59f592056
SSDEEP

24576:ZX4p4c5yHMAIcWJMYxom6VOAnyhcQUU5QUa0YwJbKdsK6NsmhyJgZgFSG72TYUh2:ZoOc56RvYGmcHyoj6t9CSGCT+u+

Score

1^/10

Malware Config

Signatures

Files

2024-06-20_0a5f76e32c56115ca03796887baa913f_ryuk
.exe windows:6 windows x64 arch:x64

2a286fabc81c7d046328115e297a8ff1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:0a:25:31:a6:a7:2b:c5:c3:6d:91:d6:e7:4b:4a:f2
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

29/07/2022, 00:00

Not After

28/07/2025, 23:59

Subject

SERIALNUMBER=18610160,CN=Sync.com Inc.,O=Sync.com Inc.,ST=Ontario,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13074f6e746172696f,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:f2:e4:a8:a9:63:3d:02:0e:34:f0:60:74:0e:e8:3b:a6:05:5d:8a:9e:9d:b0:b3:ec:a5:bf:c5:70:6c:86:e4
Signer

Actual PE Digest

9c:f2:e4:a8:a9:63:3d:02:0e:34:f0:60:74:0e:e8:3b:a6:05:5d:8a:9e:9d:b0:b3:ec:a5:bf:c5:70:6c:86:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\devel\build_vs2015_x64\CrashRpt_v.1.4.3_r1645\bin\x64\CrashSender1403.pdb

Imports

psapi

GetProcessMemoryInfo

ws2_32

htons
htonl
connect
closesocket
ntohs
inet_addr
inet_ntoa
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
getservbyname
getservbyport
gethostbyname
gethostbyaddr
socket
send
recv

dnsapi

DnsQuery_W
DnsFree

wininet

InternetCloseHandle
InternetConnectW
InternetReadFile
InternetWriteFile
InternetQueryOptionW
InternetSetOptionW
HttpOpenRequestW
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
InternetOpenW

rpcrt4

RpcStringFreeA
UuidToStringA

gdi32

GetDIBits
CreateDCW
SetViewportOrgEx
TextOutW
CreateHalftonePalette
GetDIBColorTable
CreateDIBSection
SetStretchBltMode
StretchBlt
SetDIBits
SelectPalette
SelectClipRgn
SetLayout
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
SelectObject
SetBkMode
SetTextColor
GetObjectW
Polygon
CreateSolidBrush
SetBkColor
BitBlt
CreateFontW
CreatePalette
CreateRectRgn
RealizePalette

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW
CommandLineToArgvW
ExtractIconW
SHGetFileInfoW
Shell_NotifyIconW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetCurrentThread
GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
HeapReAlloc
SetCurrentDirectoryW
GetCurrentDirectoryW
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
PeekNamedPipe
GetFileType
GetDriveTypeW
GetFullPathNameA
SetStdHandle
GetConsoleMode
InterlockedFlushSList
TlsFree
TlsSetValue
TlsGetValue
CloseHandle
GetSystemInfo
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
lstrlenW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
GetTempFileNameW
GetTempPathW
DebugBreak
OutputDebugStringW
GetLastError
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GlobalAlloc
FindFirstFileExW
ReadConsoleW
lstrlenA
LoadLibraryW
GetPrivateProfileStringW
WritePrivateProfileStringW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
WideCharToMultiByte
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileSizeEx
GetFullPathNameW
SetLastError
GetProcessTimes
OpenProcess
GetSystemTime
ReadProcessMemory
CopyFileW
FileTimeToSystemTime
GetCommandLineW
DecodePointer
RaiseException
GetCurrentThreadId
LoadLibraryExW
LoadResource
SizeofResource
MulDiv
lstrcmpW
lstrcmpiW
FindResourceW
CompareStringW
GetVersionExW
GetFileInformationByHandle
ReadFile
WriteFile
CreateMutexW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CreateThread
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
InitializeCriticalSection
Sleep
GlobalLock
GlobalUnlock
GetSystemDirectoryA
LoadLibraryA
GetTimeZoneInformation
TlsAlloc
RtlUnwindEx
RtlPcToFileHeader
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
FindNextFileA
EncodePointer
IsDebuggerPresent
GetConsoleCP
SetFilePointerEx
FlushFileBuffers
SetConsoleCtrlHandler
FormatMessageW
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringA
WriteConsoleW
GlobalFree
SetEndOfFile

user32

LoadMenuW
DestroyMenu
EnableMenuItem
GetSubMenu
DeleteMenu
TrackPopupMenu
SetMenuItemInfoW
SetWindowTextW
CheckMenuRadioItem
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
PostQuitMessage
FlashWindow
DialogBoxParamW
EnableWindow
GetMenu
DrawIcon
DrawTextExW
AdjustWindowRectEx
MessageBoxW
CopyRect
LoadIconW
GetIconInfo
IsDialogMessageW
PostMessageW
SetProcessDefaultLayout
CharUpperW
SetTimer
KillTimer
DrawTextExA
SetScrollInfo
GetScrollInfo
AnimateWindow
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
IntersectRect
EnumWindows
GetWindowThreadProcessId
EnumDisplayMonitors
GetCursorInfo
PtInRect
OffsetRect
SetRectEmpty
GetActiveWindow
DrawFocusRect
GetSysColorBrush
GetSysColor
ScreenToClient
GetCursorPos
SetCursor
GetWindowTextLengthW
GetWindowTextW
RedrawWindow
InvalidateRect
EndDialog
SystemParametersInfoW
LoadImageW
DestroyIcon
LoadCursorW
GetClassNameW
GetParent
GetDesktopWindow
EndPaint
BeginPaint
ReleaseDC
UpdateWindow
DrawTextW
IsWindowEnabled
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
CreateDialogParamW
IsWindowVisible
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetGuiResources
GetWindow
SetWindowLongW
GetWindowLongW
MapWindowPoints
GetWindowRect
GetClientRect
GetDC
CharNextW
MoveWindow
LoadStringW
SetWindowLongPtrW
FillRect
GetWindowLongPtrW
SetWindowPos

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
LookupPrivilegeValueW

ole32

CoCreateGuid
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize

oleaut32

VarR8FromStr
VarDateFromStr
VarUI4FromStr
VarDecFromStr
VarDecCmp
SysFreeString
VarI4FromStr

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
ImageList_Remove
_TrackMouseEvent

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a286fabc81c7d046328115e297a8ff1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

de:0a:25:31:a6:a7:2b:c5:c3:6d:91:d6:e7:4b:4a:f2Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

9c:f2:e4:a8:a9:63:3d:02:0e:34:f0:60:74:0e:e8:3b:a6:05:5d:8a:9e:9d:b0:b3:ec:a5:bf:c5:70:6c:86:e4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

ws2_32

dnsapi

wininet

rpcrt4

gdi32

shell32

comdlg32

version

kernel32

user32

advapi32

ole32

oleaut32

comctl32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 350KB - Virtual size: 349KB

.data Size: 9KB - Virtual size: 16KB

.pdata Size: 59KB - Virtual size: 58KB

.gfids Size: 512B - Virtual size: 484B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 4KB - Virtual size: 4KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

de:0a:25:31:a6:a7:2b:c5:c3:6d:91:d6:e7:4b:4a:f2
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

9c:f2:e4:a8:a9:63:3d:02:0e:34:f0:60:74:0e:e8:3b:a6:05:5d:8a:9e:9d:b0:b3:ec:a5:bf:c5:70:6c:86:e4
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 350KB - Virtual size: 349KB

.data
Size: 9KB - Virtual size: 16KB

.pdata
Size: 59KB - Virtual size: 58KB

.gfids
Size: 512B - Virtual size: 484B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 4KB - Virtual size: 4KB