General

  • Target

    2024-10-16_d3e80676315f36ebd805caeba83406b0_ryuk

  • Size

    27.2MB

  • Sample

    241016-b2bg4azhlr

  • MD5

    d3e80676315f36ebd805caeba83406b0

  • SHA1

    93682e0fe364674df4fe0d8d2e38d11f05ea9f4f

  • SHA256

    435815bf9aa9bff43d1714001d0dce774bf1c720ac7fe54652b9c97429939fbb

  • SHA512

    cd3207d92b477d2f1d4ee26ad3633bc847737c5d34f27261d0cdafc6e00ba2fb8b5a47db50b6e4cc1dc0026d82728c1003f4ac5296a15beebad29c9fec788eca

  • SSDEEP

    786432:p5P00PMH6RNkQs3MJWvB8ipuz/nRZ7hjSpT:pB00PMaHscJWvB8ipunNe

Targets

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Modifies file permissions

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
