Overview

overview

10

Static

static

3

tmpz3o4tlol.exe

windows7-x64

10

tmpz3o4tlol.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmpz3o4tlol

  • Size

    152KB

  • Sample

    240620-pkx7esxblh

  • MD5

    32cbc69f85cc47d8e35dc20dfbda6948

  • SHA1

    35dd5239977c2922a06389061cca846ec09453bb

  • SHA256

    795db7bdad1befdd3ad942be79715f6b0c5083d859901b81657b590c9628790f

  • SHA512

    f485a56c783dba3c15d691709a6736d5589194ec8f54e8d01342e7d6f4c54b4a56eae0fa49e150e8a13780fcb7e2e50337c8eaa026baf51774527351b365a25c

  • SSDEEP

    3072:FnJc2mXEkovNxp/gR4DoBOX8CdMzCqV5NNFqe/P:7EsV/gekBIt9W3

Score
10/10
ryukransomware

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note
Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation. More than a year ago, world experts recognized the impossibility of deciphering by any means except the original decoder. No decryption software is available in the public. Antiviruse companies, researchers, IT specialists, and no other persons cant help you encrypt the data. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions.Send 2 different random files and you will get it decrypted. It can be from different computers on your network to be sure that one key decrypts everything. 2 files we unlock for free To get info (decrypt your files) contact us at [email protected] or [email protected] You will receive btc address for payment in the reply letter Ryuk No system is safe

Targets

    • Target

      tmpz3o4tlol

    • Size

      152KB

    • MD5

      32cbc69f85cc47d8e35dc20dfbda6948

    • SHA1

      35dd5239977c2922a06389061cca846ec09453bb

    • SHA256

      795db7bdad1befdd3ad942be79715f6b0c5083d859901b81657b590c9628790f

    • SHA512

      f485a56c783dba3c15d691709a6736d5589194ec8f54e8d01342e7d6f4c54b4a56eae0fa49e150e8a13780fcb7e2e50337c8eaa026baf51774527351b365a25c

    • SSDEEP

      3072:FnJc2mXEkovNxp/gR4DoBOX8CdMzCqV5NNFqe/P:7EsV/gekBIt9W3

    Score
    10/10
    ryukransomware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Renames multiple (2744) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks