475dc5a17496e8ef31853d080902fcee92fde5d5c8df93c8f95fbb8d82460249 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

2024-09-08...uk.exe

windows7-x64

1

2024-09-08...uk.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-08_b2a2929ff16a5f07d021f3cec3f1ec09_ryuk
Size

1.5MB
Sample

240908-e28pdaybna
MD5

b2a2929ff16a5f07d021f3cec3f1ec09
SHA1

3bd04f0ef6618bed71cb4ba757c7ed5f7503794c
SHA256

475dc5a17496e8ef31853d080902fcee92fde5d5c8df93c8f95fbb8d82460249
SHA512

c1d7f8faab7750bc49dbc4b8b9ba772c3608e1d81464f536900c007648fa054f0ac49aa5254321210469992ae0e044f656b1554833217f18f0a54cb1ce534d72
SSDEEP

24576:I3oH6mhNF4Xx7AMsqjnhMgeiCl7G0nehbGZpbD:KoHRFEBA4Dmg27RnWGj

Score

7^/10

persistence privilege_escalation spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-09-08_b2a2929ff16a5f07d021f3cec3f1ec09_ryuk.exe

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-09-08_b2a2929ff16a5f07d021f3cec3f1ec09_ryuk.exe

Resource

win10v2004-20240802-en

persistence privilege_escalation spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-09-08_b2a2929ff16a5f07d021f3cec3f1ec09_ryuk
- Size
  
  1.5MB
- MD5
  
  b2a2929ff16a5f07d021f3cec3f1ec09
- SHA1
  
  3bd04f0ef6618bed71cb4ba757c7ed5f7503794c
- SHA256
  
  475dc5a17496e8ef31853d080902fcee92fde5d5c8df93c8f95fbb8d82460249
- SHA512
  
  c1d7f8faab7750bc49dbc4b8b9ba772c3608e1d81464f536900c007648fa054f0ac49aa5254321210469992ae0e044f656b1554833217f18f0a54cb1ce534d72
- SSDEEP
  
  24576:I3oH6mhNF4Xx7AMsqjnhMgeiCl7G0nehbGZpbD:KoHRFEBA4Dmg27RnWGj
Score

7^/10

persistence privilege_escalation spyware stealer
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistenceprivilege_escalationspywarestealer

© 2018-2025

Terms | Privacy