2024-09-21_ea8236f93eb50237fa718e4dced8415a_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-21_ea8236f93eb50237fa718e4dced8415a_ryuk
Size

1.1MB
MD5

ea8236f93eb50237fa718e4dced8415a
SHA1

58a98b5ca07e658f512e808ec8fcefcecbbd48b9
SHA256

9357364a8f50a7124f3d36416e5c33edb2ee7886a9f760a322658cca1e5601ba
SHA512

727b03f0a912ec5322d87e3f990260966de02db0ed05d070c3850b317e05c8e50ca0f0a65686a813a94b105f8f17bce63d3785c814a9a4a93c7c35c7af8fe73c
SSDEEP

24576:ZFMNnL88EWzQePE7lb4fj5Oa/QYTJ2yhyuzpvL/neyKi:ZF+nL88TQdSpQ+JFhy2L/V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-21_ea8236f93eb50237fa718e4dced8415a_ryuk

Files

2024-09-21_ea8236f93eb50237fa718e4dced8415a_ryuk
.exe windows:5 windows x64 arch:x64

dab67ba9f627042e9ef90ce65929253b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\b\build\slave\Win_x64\build\src\out\Release_x64\initialexe\chrome.exe.pdb

Imports

chrome_elf

SignalChromeElf

rpcrt4

UuidCreate

advapi32

ImpersonateNamedPipeClient
GetUserNameW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
CreateProcessAsUserW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
SystemFunction036
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorSacl
SetKernelObjectSecurity
SetTokenInformation
SetSecurityInfo
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
RegDisablePredefinedCache
CopySid
CreateWellKnownSid
CreateRestrictedToken
DuplicateToken
DuplicateTokenEx
EqualSid
LookupPrivilegeValueW
SetThreadToken
SetEntriesInAclW
GetSecurityInfo

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winmm

timeGetTime

user32

GetWindowThreadProcessId
SendMessageTimeoutW
CharUpperW
IsWindow
AllowSetForegroundWindow
GetUserObjectInformationW
GetProcessWindowStation
SetProcessWindowStation
CreateWindowStationW
GetThreadDesktop
CreateDesktopW
CloseWindowStation
CloseDesktop
FindWindowExW

kernel32

PeekNamedPipe
GetDriveTypeW
ExitProcess
GetFullPathNameW
SetStdHandle
GetConsoleMode
GetConsoleCP
GetProcessHeap
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCPInfo
GetStringTypeW
LCMapStringW
EncodePointer
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA
GetACP
HeapAlloc
HeapFree
HeapReAlloc
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
ReadConsoleW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetCommandLineA
HeapSetInformation
GetModuleHandleA
GetProcAddress
GetLastError
SetLastError
CreateEventW
GetCurrentThreadId
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetProcessId
SetCurrentDirectoryW
SetProcessShutdownParameters
LoadLibraryExW
OpenProcess
GetCurrentProcessId
RtlAddFunctionTable
RtlDeleteFunctionTable
CreateRemoteThread
VirtualProtect
GetModuleHandleW
GetFileInformationByHandle
GetExitCodeProcess
CompareStringW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
VirtualAlloc
CreateFileW
DeleteFileW
WriteFile
OutputDebugStringA
CloseHandle
GetTickCount
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCommandLineW
LocalFree
GetVersionExW
GetNativeSystemInfo
TerminateProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
GetUserDefaultLangID
ExpandEnvironmentStringsW
GetStdHandle
ReadFile
SetHandleInformation
CreatePipe
ResumeThread
CreateProcessW
AssignProcessToJobObject
SetInformationJobObject
GetProcessTimes
IsDebuggerPresent
CreateThread
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetLongPathNameW
QueryDosDeviceW
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadLibraryW
FlushFileBuffers
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
GetLocaleInfoW
GetUserDefaultUILanguage
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemDirectoryW
GetWindowsDirectoryW
UnregisterWaitEx
RegisterWaitForSingleObject
GetModuleHandleExW
FindClose
FindFirstFileExW
FindNextFileW
VirtualQuery
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
ResetEvent
GetSystemInfo
VirtualQueryEx
InitializeCriticalSection
TerminateJobObject
GetUserDefaultLCID
GetThreadContext
WriteProcessMemory
FreeLibrary
GetFileType
ProcessIdToSessionId
GetProcessHandleCount
SignalObjectAndWait
CreateMutexW
VirtualProtectEx
VirtualAllocEx
VirtualFreeEx
CreateJobObjectW
CreateNamedPipeW
ReadProcessMemory
DebugBreak
lstrlenW
SearchPathW
GetThreadId
LockFileEx
UnlockFileEx
SleepEx
GetVersion
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
GetTimeZoneInformation
GetThreadLocale
ReleaseSemaphore
CreateSemaphoreW
GetComputerNameExW
HeapSize
ConnectNamedPipe
DisconnectNamedPipe
SuspendThread
Wow64GetThreadContext
GetSystemDefaultLCID
VirtualFree

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

winhttp

WinHttpReceiveResponse
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpReadData
WinHttpConnect
WinHttpAddRequestHeaders

Exports

Exports

ClearCrashKeyValueImpl
CrashForException
DumpProcessWithoutCrash
GetHandleVerifier
GetUploadedReportsImpl
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
IsSandboxedProcess
RegisterNonABICompliantCodeRange
SetCrashKeyValueImpl
UnregisterNonABICompliantCodeRange

Sections

.text
Size: 765KB - Virtual size: 764KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dab67ba9f627042e9ef90ce65929253b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

chrome_elf

rpcrt4

advapi32

version

winmm

user32

kernel32

wtsapi32

winhttp

Exports

Exports

Sections

.text Size: 765KB - Virtual size: 764KB

.rdata Size: 178KB - Virtual size: 177KB

.data Size: 5KB - Virtual size: 108KB

.pdata Size: 46KB - Virtual size: 45KB

CPADinfo Size: 512B - Virtual size: 40B

.gfids Size: 1024B - Virtual size: 756B

.tls Size: 512B - Virtual size: 2B

_RDATA Size: 32KB - Virtual size: 32KB

.rsrc Size: 73KB - Virtual size: 73KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 765KB - Virtual size: 764KB

.rdata
Size: 178KB - Virtual size: 177KB

.data
Size: 5KB - Virtual size: 108KB

.pdata
Size: 46KB - Virtual size: 45KB

CPADinfo
Size: 512B - Virtual size: 40B

.gfids
Size: 1024B - Virtual size: 756B

.tls
Size: 512B - Virtual size: 2B

_RDATA
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 73KB - Virtual size: 73KB

.reloc
Size: 6KB - Virtual size: 5KB