2024-06-24_2bdc7fd24e291d4aa844dfb7576b3bf8_poet-rat_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-24_2bdc7fd24e291d4aa844dfb7576b3bf8_poet-rat_ryuk
Size

6.8MB
MD5

2bdc7fd24e291d4aa844dfb7576b3bf8
SHA1

a58783a6d388e08aa93b651cade2aa31e5d428a4
SHA256

4831a59dc6b4d6f9ba23b00f1476c1b1e21082c73e0f1ba06dbea8704b33dfb1
SHA512

2cfb8d2dd51ae02d14745fc6f224de56cf20f324588295ff6950dd01e2e5dcc7eb9f63b4877f2d1159db8ae28fc2d8dde324ac725322d6700a6d972edb323d81
SSDEEP

49152:Mjji6pl9XvCI5+y433/80jltFbbRL4MQMRhD/ZzOqGw1U2/OGiwctRKojgMUHnxi:sph9B6j1Uy2dURj768pSniAU4q2SL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-24_2bdc7fd24e291d4aa844dfb7576b3bf8_poet-rat_ryuk

Files

2024-06-24_2bdc7fd24e291d4aa844dfb7576b3bf8_poet-rat_ryuk
.exe windows:6 windows x64 arch:x64

1987b39590b72f7c01b94e5918c1959a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bthprops.cpl

BluetoothFindFirstRadio
BluetoothFindNextDevice
BluetoothFindFirstDevice
BluetoothGetRadioInfo
BluetoothFindRadioClose
BluetoothFindDeviceClose
BluetoothGetDeviceInfo
BluetoothFindNextRadio
BluetoothSendAuthenticationResponseEx
BluetoothUnregisterAuthentication
BluetoothRegisterForAuthenticationEx
BluetoothIsConnectable
BluetoothEnableIncomingConnections
BluetoothIsDiscoverable
BluetoothEnableDiscovery
BluetoothEnumerateInstalledServices
BluetoothSetServiceState
BluetoothAuthenticateDeviceEx
BluetoothRemoveDevice

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

hid

HidD_SetOutputReport

msvfw32

ICDecompress
ICOpen
ICSendMessage
ICClose

avifil32

AVIStreamGetFrameClose
AVIStreamGetFrame
AVIStreamGetFrameOpen
AVIStreamInfoA
AVIStreamRelease
AVIFileInit
AVIFileRelease
AVIFileOpenA
AVIFileGetStream

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

kernel32

ExitProcess
HeapReAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
ReadConsoleW
PeekNamedPipe
GetDateFormatW
GetTimeFormatW
GetLastError
LocalFree
FormatMessageW
GetCurrentProcessId
Sleep
GetTickCount
SwitchToThread
SetLastError
GetCurrentProcess
CloseHandle
DuplicateHandle
UnmapViewOfFile
CreateFileMappingA
MapViewOfFileEx
CreateFileA
GetSystemInfo
GetFileSizeEx
FormatMessageA
SetEndOfFile
SetFilePointerEx
WriteFile
GetProcAddress
GetModuleHandleA
ReadFile
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
WaitForSingleObject
SetEvent
ResetEvent
CreateEventA
CreateThread
GetCurrentThreadId
VerSetConditionMask
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseMutex
CreateMutexW
SetWaitableTimer
QueueUserAPC
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameA
GetModuleHandleW
WaitForMultipleObjects
CreateWaitableTimerExA
IsValidLocale
CreateSemaphoreA
WaitForSingleObjectEx
ReleaseSemaphore
GetProcessHeap
HeapAlloc
HeapFree
WideCharToMultiByte
RaiseException
GetOverlappedResult
DeviceIoControl
CancelIo
FreeLibrary
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
GetFileAttributesW
GetFullPathNameW
AreFileApisANSI
MultiByteToWideChar
GetSystemTimeAsFileTime
OpenEventA
WaitForMultipleObjectsEx
ResumeThread
GetLogicalProcessorInformation
CreateWaitableTimerA
SystemTimeToFileTime
CreateEventW
SleepEx
GetVersionExA
SetThreadAffinityMask
GetProcessAffinityMask
DeleteFileA
TryEnterCriticalSection
GetTempPathA
GetTempFileNameA
GetTempPathW
GetDriveTypeW
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleExW
ExitThread
SetConsoleCtrlHandler
GetACP
RtlUnwindEx
RtlPcToFileHeader
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
UnregisterWait
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
LoadLibraryW
RegisterWaitForSingleObject
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetTimeZoneInformation
SetStdHandle
FindFirstFileExA
FindNextFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
HeapSize
VerifyVersionInfoA
InterlockedPushEntrySList
InterlockedPopEntrySList
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
GetExitCodeThread
GetCurrentThread

user32

UnregisterDeviceNotification
RegisterClassExA
RegisterDeviceNotificationA
DestroyWindow
GetMessageA
DefWindowProcA
UnregisterClassA
GetActiveWindow
PeekMessageA
DispatchMessageA
CreateWindowExA
TranslateMessage
GetRawInputDeviceInfoA
GetRawInputDeviceList
SendMessageA
IsWindow
SetWindowPos

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize

oleaut32

OleCreatePropertyFrame
VariantClear
VariantInit

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
EnumServicesStatusA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfig2A
ChangeServiceConfigA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
StartServiceCtrlDispatcherA

winmm

timeBeginPeriod
timeEndPeriod

ws2_32

WSASocketW
WSARecv
WSAGetLastError
WSAAddressToStringW
WSASend
WSASendTo
WSARecvFrom
WSAStartup
WSACleanup
bind
closesocket
ioctlsocket
htonl
htons
listen
ntohl
ntohs
setsockopt
shutdown
WSASetLastError

mswsock

AcceptEx
GetAcceptExSockaddrs

Exports

Exports

hid_close
hid_enumerate
hid_error
hid_exit
hid_free_enumeration
hid_get_feature_report
hid_get_indexed_string
hid_get_manufacturer_string
hid_get_product_string
hid_get_serial_number_string
hid_init
hid_open
hid_open_path
hid_read
hid_read_timeout
hid_send_feature_report
hid_set_nonblocking
hid_write

Sections

.text
Size: 4.8MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1987b39590b72f7c01b94e5918c1959a

Headers

DLL Characteristics

File Characteristics

Imports

bthprops.cpl

setupapi

hid

msvfw32

avifil32

avicap32

kernel32

user32

ole32

oleaut32

advapi32

winmm

ws2_32

mswsock

Exports

Exports

Sections

.text Size: 4.8MB - Virtual size: 4.7MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 118KB - Virtual size: 792KB

.pdata Size: 217KB - Virtual size: 216KB

.tls Size: 512B - Virtual size: 29B

.gfids Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 33KB - Virtual size: 32KB

.text
Size: 4.8MB - Virtual size: 4.7MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 118KB - Virtual size: 792KB

.pdata
Size: 217KB - Virtual size: 216KB

.tls
Size: 512B - Virtual size: 29B

.gfids
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 33KB - Virtual size: 32KB