General

  • Target

    2024-06-22_3b61ce6dba3b4c43a31c3fe4b200ce47_ryuk

  • Size

    5.0MB

  • Sample

    240622-fca79aydld

  • MD5

    3b61ce6dba3b4c43a31c3fe4b200ce47

  • SHA1

    d837d650b7582ab758997d20a497627b8c245293

  • SHA256

    c97a7ebf7e3e033f3267b86da76b35d86172b594911359b6439c59d6924a32ae

  • SHA512

    cc0244a83451e7aba3bff3149350e4aa73c898872638f2ad24adb6a577f223b86c76ca95df40a55ab750212c3be3e7ececbc435be310d2d567a128153ac9ef70

  • SSDEEP

    98304:ztqVJ9FevYYMeBFh5iFIRv2Vb84tuTjH1ocyBQPnRNJe1B+XKVbFxsSHcnEPuJKG:z6neMeR5U84U/cGRNJpystEPukG

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.100.107:443

Targets

    • Target

      2024-06-22_3b61ce6dba3b4c43a31c3fe4b200ce47_ryuk

    • Size

      5.0MB

    • MD5

      3b61ce6dba3b4c43a31c3fe4b200ce47

    • SHA1

      d837d650b7582ab758997d20a497627b8c245293

    • SHA256

      c97a7ebf7e3e033f3267b86da76b35d86172b594911359b6439c59d6924a32ae

    • SHA512

      cc0244a83451e7aba3bff3149350e4aa73c898872638f2ad24adb6a577f223b86c76ca95df40a55ab750212c3be3e7ececbc435be310d2d567a128153ac9ef70

    • SSDEEP

      98304:ztqVJ9FevYYMeBFh5iFIRv2Vb84tuTjH1ocyBQPnRNJe1B+XKVbFxsSHcnEPuJKG:z6neMeR5U84U/cGRNJpystEPukG

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15