General
-
Target
d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.zip
-
Size
65KB
-
Sample
240626-rptqxa1ejn
-
MD5
f66650f1eb0e575523e8da5154782a4b
-
SHA1
e3c94add02925529158a812030e3efeb4f728c92
-
SHA256
c1c45475c472ffb43d4922bd109e93d4bccfa18b97f8fc328929ef489dcc909b
-
SHA512
46dc8d2992b1b77613df928ad181e41160badca08c2b66bbcf5c06bed297876c7a83a7088f441479e40a5cc3a7e5218b8132f2044e7f8b9ddd1f27c8017a4eed
-
SSDEEP
1536:X8zJimUveEFIcD5IH0JOSgb9UEfoyHi5Tunsn+xSyO:sNBItp6pxb9L5C5TEsn+u
Malware Config
Targets
-
-
Target
d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
-
Size
131KB
-
MD5
2cc630e080bb8de5faf9f5ae87f43f8b
-
SHA1
5a385b8b4b88b6eb93b771b7fbbe190789ef396a
-
SHA256
d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9
-
SHA512
901939718692e20a969887e64db581d6fed62c99026709c672edb75ebfa35ce02fa68308d70d463afbcc42a46e52ea9f7bc5ed93e5dbf3772d221064d88e11d7
-
SSDEEP
3072:j06qm9E8obCg2QdgYdrp23suV+eGg21Yg:j06qHnOg3df9eAJ
Score10/10-
Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
-
Renames multiple (7433) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-