General

  • Target

    2024-10-21_04bedba7cc8675a69948432cfa66b753_cobalt-strike_ryuk

  • Size

    4.8MB

  • Sample

    241021-ldp1paybja

  • MD5

    04bedba7cc8675a69948432cfa66b753

  • SHA1

    549438cb9e9c741d1ae20653ece482839c0cc3cf

  • SHA256

    b73d5c448f3a4ce8b939fd089f218251cf8a51e216b818bdf7893352134cee40

  • SHA512

    f08c35bdd834d29e3d687b5443e6a18feed9375749087359943b6dcb3b960923d590af7df57a428ea3b9af38a33e38d7c2e5fb956baf70efc2a52377cb7d32d9

  • SSDEEP

    49152:Xj8f3jtqiCLg9LK2hIOR+k9jdAsizqxSiZ4K5MZqkL92c6nkdmbD4iIerM1R6ZPJ:wrZ4K5M+XD4iIewG+x6xZ14MTVD9

Malware Config

Targets

    • Target

      2024-10-21_04bedba7cc8675a69948432cfa66b753_cobalt-strike_ryuk

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks