2024-08-28_54ecb2edf9043aedaa615982958ab6bc_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-28_54ecb2edf9043aedaa615982958ab6bc_ryuk
Size

1.6MB
MD5

54ecb2edf9043aedaa615982958ab6bc
SHA1

a5e0e8e1e0bc8e6b1e565ad22d0bc28a8d94988d
SHA256

3743afdf26995ac9e3b9f39bfaa1d9cbf0fccec1635951061780bacec288598a
SHA512

0038d5afa55adfedc12b266f009138bd27d6ef9ae37028acea8c770dd2191c31c68eb90930bc9d0bf657f1f7558a8d4c5f7b77954a854f1ae40b847aedc23985
SSDEEP

24576:cPWjI9Ax1dBAlbM+t6MxdHguaCKAGGGC5SYCH7NnmkUv+KzF+yH3:cPWVnKlbd6EhgNCnaSvN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-28_54ecb2edf9043aedaa615982958ab6bc_ryuk

Files

2024-08-28_54ecb2edf9043aedaa615982958ab6bc_ryuk
.exe windows:6 windows x64 arch:x64

d664bfa8c09b9a7484a403420ec6cd65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

FCAT_DT_Capture_x64.pdb

Imports

kernel32

GetModuleFileNameA
SetLastError
GetFullPathNameW
GetModuleFileNameW
LocalAlloc
CreateFileW
GetFileAttributesW
GetSystemDirectoryW
GetLastError
CloseHandle
GetProcAddress
LocalFree
VerSetConditionMask
CreateProcessW
GetModuleHandleW
FreeLibrary
VerifyVersionInfoW
LoadLibraryExW
CreateDirectoryW
SetConsoleCtrlHandler
EnterCriticalSection
GetCommandLineW
SetConsoleTitleA
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringA
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
CreateEventW
Sleep
AttachConsole
OutputDebugStringW
SetEvent
QueryPerformanceFrequency
ResetEvent
GetLocalTime
DeleteCriticalSection
GetCurrentProcessId
lstrcmpiW
QueryPerformanceCounter
AllocConsole
HeapFree
SetDefaultDllDirectories
CreateMutexW
WaitForSingleObject
GetCurrentDirectoryA
UnmapViewOfFile
CreateThread
HeapAlloc
CreateFileMappingA
GetProcessHeap
lstrcpyW
OpenFileMappingA
MapViewOfFile
MulDiv
WritePrivateProfileStringW
GetCurrentProcess
GetPrivateProfileIntW
LoadLibraryExA
GetPrivateProfileStringW
WaitForMultipleObjects
OpenProcess
DeleteFileW
MoveFileExW
FormatMessageA
CreateEventA
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualAlloc
GetVersionExW
GetModuleHandleA
GetThreadTimes
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
WideCharToMultiByte
FormatMessageW
GetStringTypeW
TryEnterCriticalSection
DuplicateHandle
GetCurrentThread
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetConsoleCP
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
SetEnvironmentVariableW
RemoveDirectoryW
ExitThread
FreeLibraryAndExitThread
HeapReAlloc
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputW
PeekConsoleInputA
ReadConsoleW
ReadFile
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetTimeZoneInformation
HeapSize
WriteConsoleW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority

ole32

CoTaskMemFree

shlwapi

PathFileExistsW

bcrypt

BCryptImportKeyPair
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptDestroyHash
BCryptFinishHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptVerifySignature

Sections

.text
Size: 643KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d664bfa8c09b9a7484a403420ec6cd65

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

shlwapi

bcrypt

Sections

.text Size: 643KB - Virtual size: 643KB

.rdata Size: 234KB - Virtual size: 234KB

.data Size: 16KB - Virtual size: 42KB

.pdata Size: 33KB - Virtual size: 32KB

.didat Size: 1024B - Virtual size: 872B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 153KB - Virtual size: 153KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 643KB - Virtual size: 643KB

.rdata
Size: 234KB - Virtual size: 234KB

.data
Size: 16KB - Virtual size: 42KB

.pdata
Size: 33KB - Virtual size: 32KB

.didat
Size: 1024B - Virtual size: 872B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 153KB - Virtual size: 153KB

.reloc
Size: 572KB - Virtual size: 576KB