2024-07-27_8a4cc3a0536f338586594a5e7fb221b8_hijackloader_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-27_8a4cc3a0536f338586594a5e7fb221b8_hijackloader_ryuk
Size

2.0MB
MD5

8a4cc3a0536f338586594a5e7fb221b8
SHA1

a79539738f84cbdfa04da3979437a8915fc18f7a
SHA256

9ca3021a05790f7f4d153d100ee4aca16dc7890e2321658beed3debfc12d334d
SHA512

2a13b4440dc1681f168ba5ae7432d95255fb1e3e2b1d0a6ebf202ed3542a77555de97ec1ed569902358db52b57129ab17ad0554bb9a4acc86abd51229167615d
SSDEEP

24576:M4mqVmaA44QwwFXwzOryNcxU0WS3E+V2gWy+QiY0wK+MW62/hecL3X:WWnQcPWS3EAVt6YeeH

Score

1^/10

Malware Config

Signatures

Files

2024-07-27_8a4cc3a0536f338586594a5e7fb221b8_hijackloader_ryuk
.exe windows:5 windows x64 arch:x64

ec0930a14e5f2f3e0341d8b4a59a75e6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:a5:a1:33:e7:fe:db:53:c8:f1:66:87:cf:bc:4e:db
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/04/2023, 00:00

Not After

04/04/2026, 23:59

Subject

SERIALNUMBER=91310110787862412B,CN=上海贝锐信息科技股份有限公司,O=上海贝锐信息科技股份有限公司,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:a5:a1:33:e7:fe:db:53:c8:f1:66:87:cf:bc:4e:db
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/04/2023, 00:00

Not After

04/04/2026, 23:59

Subject

SERIALNUMBER=91310110787862412B,CN=上海贝锐信息科技股份有限公司,O=上海贝锐信息科技股份有限公司,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:ad:a9:e8:1d:fd:f3:ef:08:bc:8c:7d:3a:93:6c:d1:c4:ed:c7:62:18:9a:cc:80:e4:01:6a:50:5c:ce:27:fb
Signer

Actual PE Digest

6f:ad:a9:e8:1d:fd:f3:ef:08:bc:8c:7d:3a:93:6c:d1:c4:ed:c7:62:18:9a:cc:80:e4:01:6a:50:5c:ce:27:fb

Digest Algorithm

sha256

PE Digest Matches

false

a9:53:81:66:f4:3b:f1:c0:39:11:09:9c:ff:03:57:7d:ed:41:e5:4f
Signer

Actual PE Digest

a9:53:81:66:f4:3b:f1:c0:39:11:09:9c:ff:03:57:7d:ed:41:e5:4f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

hid

HidD_GetAttributes
HidD_GetHidGuid

crypt32

CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertFreeCertificateContext
CryptMsgClose
CryptDecodeObject

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInterfaceDetailA
SetupDiChangeState
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

kernel32

FindClose
CreateFileW
GetFileAttributesW
GetCommandLineA
CreateToolhelp32Snapshot
GetTempPathA
Process32NextW
GetCurrentThread
LockResource
GlobalAlloc
DeleteFileW
Process32FirstW
GlobalFree
GetNativeSystemInfo
FindResourceExW
LoadResource
FindResourceW
GlobalLock
GetCurrentProcessId
CreateProcessW
GetModuleHandleW
IsBadReadPtr
GlobalUnlock
GlobalSize
GetSystemTime
TryEnterCriticalSection
GetCommandLineW
GetModuleHandleExW
WritePrivateProfileStringW
WritePrivateProfileStringA
SetLastError
GetTempPathW
GetExitCodeThread
TerminateThread
ProcessIdToSessionId
SetPriorityClass
SetProcessShutdownParameters
GetFileTime
FileTimeToDosDateTime
GetSystemDirectoryA
GetUserDefaultLangID
SystemTimeToTzSpecificLocalTime
GetVolumeInformationW
GetLogicalDriveStringsW
RtlCaptureContext
PeekNamedPipe
DeviceIoControl
GetStringTypeW
QueryPerformanceCounter
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
GetConsoleMode
CreateDirectoryW
GetFileAttributesExW
GetFileType
LoadLibraryExW
RtlUnwindEx
RtlPcToFileHeader
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
WaitForSingleObjectEx
FindNextFileW
GetFileSizeEx
FindFirstFileW
SizeofResource
GetModuleFileNameA
ReadFile
lstrcpyW
LocalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpA
LocalAlloc
GetCurrentProcess
GetFullPathNameW
GetSystemTimeAsFileTime
TlsFree
TlsGetValue
CreateThread
TlsAlloc
Sleep
ResumeThread
TlsSetValue
IsDebuggerPresent
GetCurrentThreadId
GetModuleFileNameW
SetUnhandledExceptionFilter
TerminateProcess
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
WriteConsoleW
SetEndOfFile
SetStdHandle
WriteFile
GetStdHandle
OutputDebugStringA
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForMultipleObjects
ReleaseSemaphore
GetTickCount
FreeLibrary
LoadLibraryW
GetCurrentDirectoryW
ReleaseMutex
WaitForSingleObject
CreateMutexA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
CreateFileA
GetLastError
HeapSize
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
HeapFree
GetConsoleCP
SetFilePointerEx
ExitThread
FreeLibraryAndExitThread
GetTimeZoneInformation
SetConsoleCtrlHandler
ExitProcess
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
ReadConsoleW
GetLocalTime

user32

GetMonitorInfoA
EnumDisplaySettingsA
EnumDisplayDevicesW
SetThreadDesktop
GetThreadDesktop
CloseDesktop
OpenInputDesktop
GetSystemMetrics
MapVirtualKeyW
SendInput
GetMessageW
SendMessageW
CallWindowProcW
SendMessageTimeoutW
SetClipboardViewer
GetClipboardOwner
GetOpenClipboardWindow
GetPriorityClipboardFormat
ChangeClipboardChain
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
GetUserObjectInformationA
EnumDisplayMonitors
EnumDisplayDevicesA
UnregisterClassW
ReleaseDC
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
IsWindow
ShowWindow
PostMessageW
GetWindowLongW
GetCursorPos
SetCursorPos
PtInRect
KillTimer
SetWindowLongW
SetLayeredWindowAttributes
GetDialogBaseUnits
DialogBoxIndirectParamW
SetTimer
EndDialog
DestroyWindow
GetWindowRect
RegisterClipboardFormatA
RegisterClipboardFormatW
FindWindowExW
PostQuitMessage
DrawIconEx
PostThreadMessageW
DrawTextW
TranslateMessage
GetSysColor
PeekMessageW
DefWindowProcW
GetDC
SetWindowPos
SetWindowLongPtrW
CreateWindowExW
GetIconInfo
GetWindowLongPtrW
RegisterClassExW
DispatchMessageW

advapi32

CloseServiceHandle
OpenSCManagerW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
SetTokenInformation
CheckTokenMembership
RegOpenKeyExW
CreateProcessAsUserW
DuplicateTokenEx
RegQueryValueExW
OpenProcessToken
AllocateAndInitializeSid
FreeSid
OpenServiceW
QueryServiceConfigW

ole32

CoCreateInstance
CoSetProxyBlanket
OleInitialize
RegisterDragDrop
ReleaseStgMedium
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
DoDragDrop
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
OleSetClipboard
CoInitializeSecurity

shell32

CommandLineToArgvW
DragQueryFileW
SHGetFileInfoW
ord727
ShellExecuteExW
SHGetFolderPathW
DragQueryPoint

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
VariantClear
VariantInit

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathFileExistsA
SHCreateStreamOnFileW
PathFindExtensionW
StrStrIA

userenv

CreateEnvironmentBlock

ws2_32

send
socket
getsockname
getpeername
listen
closesocket
bind
accept
WSAStartup
WSACleanup
gethostname
htons
connect
recvfrom
recv
getsockopt
sendto
ioctlsocket
setsockopt
WSAGetLastError
gethostbyname
htonl
inet_ntoa
ntohs
inet_addr
select
getservbyname
getservbyport
gethostbyaddr
WSASetLastError
shutdown
__WSAFDIsSet

iphlpapi

GetAdaptersInfo
GetIpForwardTable

gdi32

GdiFlush
SetDIBitsToDevice
DeleteDC
CreateCompatibleDC
SelectObject
CreateFontIndirectW
DeleteObject
GetObjectW
SetBkMode
SetTextColor
GetStockObject
CreateDIBSection
GetDeviceCaps

dbghelp

SymGetLineFromAddr64
SymFunctionTableAccess64
SymGetModuleInfo64
StackWalk64
SymGetModuleBase64
SymCleanup
SymGetSymFromAddr64
SymInitialize

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 852KB - Virtual size: 852KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.custom
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 713KB - Virtual size: 713KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec0930a14e5f2f3e0341d8b4a59a75e6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:a5:a1:33:e7:fe:db:53:c8:f1:66:87:cf:bc:4e:dbCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:a5:a1:33:e7:fe:db:53:c8:f1:66:87:cf:bc:4e:dbCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

6f:ad:a9:e8:1d:fd:f3:ef:08:bc:8c:7d:3a:93:6c:d1:c4:ed:c7:62:18:9a:cc:80:e4:01:6a:50:5c:ce:27:fbSigner

a9:53:81:66:f4:3b:f1:c0:39:11:09:9c:ff:03:57:7d:ed:41:e5:4fSigner

Headers

DLL Characteristics

File Characteristics

Imports

hid

crypt32

setupapi

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

userenv

ws2_32

iphlpapi

gdi32

dbghelp

version

Sections

.text Size: 852KB - Virtual size: 852KB

.rdata Size: 358KB - Virtual size: 358KB

.data Size: 26KB - Virtual size: 36KB

.pdata Size: 41KB - Virtual size: 40KB

.gfids Size: 1024B - Virtual size: 1004B

.tls Size: 512B - Virtual size: 9B

.custom Size: 512B - Virtual size: 408B

.rsrc Size: 713KB - Virtual size: 713KB

.reloc Size: 8KB - Virtual size: 8KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:a5:a1:33:e7:fe:db:53:c8:f1:66:87:cf:bc:4e:db
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:a5:a1:33:e7:fe:db:53:c8:f1:66:87:cf:bc:4e:db
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

6f:ad:a9:e8:1d:fd:f3:ef:08:bc:8c:7d:3a:93:6c:d1:c4:ed:c7:62:18:9a:cc:80:e4:01:6a:50:5c:ce:27:fb
Signer

a9:53:81:66:f4:3b:f1:c0:39:11:09:9c:ff:03:57:7d:ed:41:e5:4f
Signer

.text
Size: 852KB - Virtual size: 852KB

.rdata
Size: 358KB - Virtual size: 358KB

.data
Size: 26KB - Virtual size: 36KB

.pdata
Size: 41KB - Virtual size: 40KB

.gfids
Size: 1024B - Virtual size: 1004B

.tls
Size: 512B - Virtual size: 9B

.custom
Size: 512B - Virtual size: 408B

.rsrc
Size: 713KB - Virtual size: 713KB

.reloc
Size: 8KB - Virtual size: 8KB