General

  • Target

    2024-10-21_1afe7f957d16cd7ed55657f37e1da31a_cobalt-strike_ryuk

  • Size

    4.8MB

  • Sample

    241021-lgbx8szfrj

  • MD5

    1afe7f957d16cd7ed55657f37e1da31a

  • SHA1

    275724a973f0f10d38c5f092f8bc31749fc33686

  • SHA256

    ebac18f33b85da724df95f5387008124c7f78abb432ef3fbf3d6bf2456e1f661

  • SHA512

    a8d16fdf41358e2cde4070ac431679bb119e1f50cdfc0b6af6ab753e5ef3b89c1259f6bdf0a1bb85ec8abd63dd2bce6ffd3a7bb5521942979c5d1ca684be43a8

  • SSDEEP

    49152:rj8f3jtqiCLg9LK2hIOR+k9jdAsizqxSiZ4K5MZqkL92c6nkdmbD7iIerM1R6ZPn:0rZ4K5M+XD7iIewG+x6xZ14pB2Yyjl

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Drops file in System32 directory
