2024-09-30_dc4c4955ee0db065f620efddd8b61d53_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-30_dc4c4955ee0db065f620efddd8b61d53_ryuk
Size

9.8MB
MD5

dc4c4955ee0db065f620efddd8b61d53
SHA1

a1d59e6cdc4ee2e9a9981cf78378b00d8304619b
SHA256

ed5f047948fda50683bec041a388f6b62f19c045a16e74c8b8e0e5e744d9e362
SHA512

17b53de79c645b30accbac1cf1747df5d3a00b751388b44b86be301c15c6421902895291dec3ccd0fb8512501e425f26eb398691b96148e5858443f466b75572
SSDEEP

196608:5adlGm6DzC/1gsyH/tq3/stWs/HXXJot3:4dlGm6DzCdtyHU/stWQ3Z+3

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-30_dc4c4955ee0db065f620efddd8b61d53_ryuk

Files

2024-09-30_dc4c4955ee0db065f620efddd8b61d53_ryuk
.exe windows:6 windows x64 arch:x64

5224fed607d93aaea4e6c97f018e83c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ClientToScreen

d3d11

D3D11CreateDeviceAndSwapChain

advapi32

CryptAcquireContextW

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

d3dcompiler_47

D3DCompile

imm32

ImmGetContext

ws2_32

WSACleanup

crypt32

CertCloseStore

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wT3
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.:z#
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.5x]
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5224fed607d93aaea4e6c97f018e83c3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

d3d11

advapi32

d3dx11_43

d3dcompiler_47

imm32

ws2_32

crypt32

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 55KB - Virtual size: 96KB

.pdata Size: 150KB - Virtual size: 150KB

.00cfg Size: 512B - Virtual size: 56B

.fptable Size: 512B - Virtual size: 256B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 500B

.wT3 Size: 2.8MB - Virtual size: 2.8MB

.:z# Size: 4KB - Virtual size: 3KB

.5x] Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 45KB - Virtual size: 45KB

.rsrc Size: 118KB - Virtual size: 117KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 55KB - Virtual size: 96KB

.pdata
Size: 150KB - Virtual size: 150KB

.00cfg
Size: 512B - Virtual size: 56B

.fptable
Size: 512B - Virtual size: 256B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 500B

.wT3
Size: 2.8MB - Virtual size: 2.8MB

.:z#
Size: 4KB - Virtual size: 3KB

.5x]
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 45KB - Virtual size: 45KB

.rsrc
Size: 118KB - Virtual size: 117KB