General
Target
2024-06-22_3b61ce6dba3b4c43a31c3fe4b200ce47_ryuk
Size
5.0MB
Sample
240622-fca79aydld
MD5
3b61ce6dba3b4c43a31c3fe4b200ce47
SHA1
d837d650b7582ab758997d20a497627b8c245293
SHA256
c97a7ebf7e3e033f3267b86da76b35d86172b594911359b6439c59d6924a32ae
SHA512
cc0244a83451e7aba3bff3149350e4aa73c898872638f2ad24adb6a577f223b86c76ca95df40a55ab750212c3be3e7ececbc435be310d2d567a128153ac9ef70
SSDEEP
98304:ztqVJ9FevYYMeBFh5iFIRv2Vb84tuTjH1ocyBQPnRNJe1B+XKVbFxsSHcnEPuJKG:z6neMeR5U84U/cGRNJpystEPukG
Behavioral task
behavioral1
Sample
2024-06-22_3b61ce6dba3b4c43a31c3fe4b200ce47_ryuk.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
2024-06-22_3b61ce6dba3b4c43a31c3fe4b200ce47_ryuk.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
metasploit_stager
192.168.100.107:443
Targets
Target
2024-06-22_3b61ce6dba3b4c43a31c3fe4b200ce47_ryuk
Score
10/10
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-