Overview

overview

10

Static

static

10

Ryuk .Net ...er.exe

windows7-x64

10

Ryuk .Net ...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ryuk .Net Ransomware Builder.exe

  • Size

    287KB

  • Sample

    240814-dht67svhnh

  • MD5

    b20d5ada2e81683bda32aa80cd71c025

  • SHA1

    1ab3daa872761d887ef0be9ace528ee323201211

  • SHA256

    0d8b4a07e91e02335f600332644e8f0e504f75ab19899a58b2c85ecb0887c738

  • SHA512

    94da5ae4e43e6b0fdc8d0a83d8a3f2991a47b6e12f6781cc6aecb2d8d97a2d0da6dc456e3618c1a36697862e1a7a50b27a036b3569f33889452fe921c6981d91

  • SSDEEP

    3072:GVgr8/vRx5cCPaEy3YxB+DV0Ugr8/vfx:GSrS/yKrS

Score
10/10
chaospersistenceransomware

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\read_it.txt

Ransom Note
All of your files have been encrypted Your computer was infected with a ransomware virus. Your files have been encrypted and you won't be able to decrypt them without our help.What can I do to get my files back?You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer.The price for the software is $1,500. Payment can be made in Bitcoin only. How do I pay, where do I get Bitcoin? Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search yourself to find out how to buy Bitcoin. Many of our customers have reported these sites to be fast and reliable: Coinmama - hxxps://www.coinmama.com Bitpanda - hxxps://www.bitpanda.com Payment informationAmount: 0.1473766 BTC Bitcoin Address: bc1qw0ll8p9m8uezhqhyd7z459ajrk722yn8c5j4fg

Targets

    • Target

      Ryuk .Net Ransomware Builder.exe

    • Size

      287KB

    • MD5

      b20d5ada2e81683bda32aa80cd71c025

    • SHA1

      1ab3daa872761d887ef0be9ace528ee323201211

    • SHA256

      0d8b4a07e91e02335f600332644e8f0e504f75ab19899a58b2c85ecb0887c738

    • SHA512

      94da5ae4e43e6b0fdc8d0a83d8a3f2991a47b6e12f6781cc6aecb2d8d97a2d0da6dc456e3618c1a36697862e1a7a50b27a036b3569f33889452fe921c6981d91

    • SSDEEP

      3072:GVgr8/vRx5cCPaEy3YxB+DV0Ugr8/vfx:GSrS/yKrS

    Score
    10/10
    chaospersistenceransomware

    • Chaos

      Ransomware family first seen in June 2021.

      ransomwarechaos

    • Chaos Ransomware

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks