ryuk

General

Target

abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe
Size

200KB
Sample

240926-k9flfsyfkp
MD5

592d8660d2670bc67e91e1cf2b80d7d0
SHA1

b85dcbe81d1f9c7877ed742bebfdd07216358d74
SHA256

abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842f
SHA512

040c2e18fb5b5ccfab1b604e96022c056e2c1a5bba8fbd3a0f6253f7fe9262f206b6e9aa508cc96bffedfd493735e4f274de114abfe36be94ae585f23134d172
SSDEEP

3072:FzOCLlTCrLBExk+bN4ejpMT/JUVWaI9shNI8:ROSTCRExkwOmM

Score

10^/10

Malware Config

Extracted

Path

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\ConnectedDevicesPlatform\RyukReadMe.html

Family

ryuk

Ransom Note

[email protected] [email protected] balance of shadow universe Ryuk

Emails

[email protected]

Targets

- Target
  
  abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe
- Size
  
  200KB
- MD5
  
  592d8660d2670bc67e91e1cf2b80d7d0
- SHA1
  
  b85dcbe81d1f9c7877ed742bebfdd07216358d74
- SHA256
  
  abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842f
- SHA512
  
  040c2e18fb5b5ccfab1b604e96022c056e2c1a5bba8fbd3a0f6253f7fe9262f206b6e9aa508cc96bffedfd493735e4f274de114abfe36be94ae585f23134d172
- SSDEEP
  
  3072:FzOCLlTCrLBExk+bN4ejpMT/JUVWaI9shNI8:ROSTCRExkwOmM
Score

10^/10

ryuk discovery ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2