General
- Target: 2024-09-21_d0e0461bc0a130c622013f61e35aff6d_hijackloader_ryuk
- Size: 838KB
- Sample: 240921-bg49nsxgre
- MD5: d0e0461bc0a130c622013f61e35aff6d
- SHA1: 715c1c5f403d7d1a9831be878e1d2a3910bc4f3e
- SHA256: d274787942d562893a74ebbfd28285e0c292ba50bed479038c90c0d2d21e368a
- SHA512: 98d5043162a4e6a6c6a61026c6e5367bf43ad8eba9078e4818697d3aaac4c523f73777ea7cf803a87e81794d13e89ca1a484409c0ab7d9057c4ece43fa13802f
- SSDEEP: 12288:hpTcb8nrtGiBhTrv4jAjCHD55gZGVB50K8Mnxu3omoa/5cdP:jTBXrv4jAaD55gZGVB50K8O4TS
- Static task: static1
- Behavioral task: behavioral1
- Sample: 2024-09-21_d0e0461bc0a130c622013f61e35aff6d_hijackloader_ryuk.exe
- Resource: win7-20240729-en
Malware Config
Extracted
- Protocol: ftp
- Host: 134.122.155.46
- Port: 21
- Username: lz165404
- Password: lz165404.
Targets
- Target: 2024-09-21_d0e0461bc0a130c622013f61e35aff6d_hijackloader_ryuk
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (2)