e8c14a84f19be69217e6c9413ad8c188883a66ff70e2ac493f1ed78e5d770a71 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

2024-06-27...uk.exe

windows7-x64

7

2024-06-27...uk.exe

windows10-2004-x64

7

Sharing

General

Target

2024-06-27_b2bba69e56971bcc089294dda4e42855_ryuk
Size

3.1MB
Sample

240627-jlkptszald
MD5

b2bba69e56971bcc089294dda4e42855
SHA1

b64db9911c7cdf79dc56ae9f088bee1444e979d4
SHA256

e8c14a84f19be69217e6c9413ad8c188883a66ff70e2ac493f1ed78e5d770a71
SHA512

2e79f507738159583c0c18641ca8cd8b6c6e966beabbb2e168519b26e1405a41cd77b81784b0f3ef7d265e092442c67fa5b9794d1be805ca860447dc11132b9d
SSDEEP

49152:2qA4DtJKW5fcUKW1wgEAXsruFFTLvIY45wsBr/5ZomGzNQeyUHBdH3hdG7y00ibS:2X5WmtFBrGKe9BpRV00ibS

Score

7^/10

persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-06-27_b2bba69e56971bcc089294dda4e42855_ryuk.exe

Resource

win7-20240611-en

persistence spyware stealer

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-06-27_b2bba69e56971bcc089294dda4e42855_ryuk.exe

Resource

win10v2004-20240508-en

persistence spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-06-27_b2bba69e56971bcc089294dda4e42855_ryuk
- Size
  
  3.1MB
- MD5
  
  b2bba69e56971bcc089294dda4e42855
- SHA1
  
  b64db9911c7cdf79dc56ae9f088bee1444e979d4
- SHA256
  
  e8c14a84f19be69217e6c9413ad8c188883a66ff70e2ac493f1ed78e5d770a71
- SHA512
  
  2e79f507738159583c0c18641ca8cd8b6c6e966beabbb2e168519b26e1405a41cd77b81784b0f3ef7d265e092442c67fa5b9794d1be805ca860447dc11132b9d
- SSDEEP
  
  49152:2qA4DtJKW5fcUKW1wgEAXsruFFTLvIY45wsBr/5ZomGzNQeyUHBdH3hdG7y00ibS:2X5WmtFBrGKe9BpRV00ibS
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer

© 2018-2025

Terms | Privacy