General
- Target: 2024-09-10_e7981e5d16518ce4a1e70974e676b0f7_ryuk
- Size: 436KB
- Sample: 240910-fcvxnaxdkm
- MD5: e7981e5d16518ce4a1e70974e676b0f7
- SHA1: 562f99603eccfcc94e7328cf8f72d26301dca416
- SHA256: f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f
- SHA512: 98f9842718275de8dd67a354121885d14506de52669ea2e4fc927ec3d292f9f405d23e45be19ae1ec875cecab8cfa532a77a1e6291f8ab869e8de30c98682ab9
- SSDEEP: 1536:gnAgQXhJCxVUzRTRf+TlNXQdDYp3d7Ye5gtFTEllM75wXwtQyHsWSJcdH4JNMwoc:H/yDYslp3dEe2FHQQIYH4/MIq
Static task
- static1

Behavioral task
- behavioral1
- Sample: 2024-09-10_e7981e5d16518ce4a1e70974e676b0f7_ryuk.exe
- Resource: win7-20240903-en

Behavioral task
- behavioral2
- Sample: 2024-09-10_e7981e5d16518ce4a1e70974e676b0f7_ryuk.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: 2024-09-10_e7981e5d16518ce4a1e70974e676b0f7_ryuk
- Size: 436KB
- MD5: e7981e5d16518ce4a1e70974e676b0f7
- SHA1: 562f99603eccfcc94e7328cf8f72d26301dca416
- SHA256: f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f
- SHA512: 98f9842718275de8dd67a354121885d14506de52669ea2e4fc927ec3d292f9f405d23e45be19ae1ec875cecab8cfa532a77a1e6291f8ab869e8de30c98682ab9
- SSDEEP: 1536:gnAgQXhJCxVUzRTRf+TlNXQdDYp3d7Ye5gtFTEllM75wXwtQyHsWSJcdH4JNMwoc:H/yDYslp3dEe2FHQQIYH4/MIq
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to, or copying of, the web browser credential store.
- Renames multiple (8091) files with an added filename extension. This suggests ransomware activity: encrypting all the files on the system.
- Credentials from Password Stores: Windows Credential Manager. Suspicious access to Credentials History.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
- Drops desktop.ini file(s)
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (2)
  - Credentials from Web Browsers (1)
  - Windows Credential Manager (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)