General

  • Target

    2024-10-21_1d18e0afc3ba65de2d18d62763564539_cobalt-strike_ryuk

  • Size

    4.8MB

  • Sample

    241021-lgq26azgjk

  • MD5

    1d18e0afc3ba65de2d18d62763564539

  • SHA1

    4e76f33f648934c77516e172cb8504ea4522e82c

  • SHA256

    abc09279612322ba6863b9cc850950d33dd55a3a5e760d578b20845a22bc7604

  • SHA512

    509ff253d17deb38d29a80dcbf1bda230bffba4f88821ef40d594255b50cec649c57ce72d52ce7814e8c663afddba9f930fd688195e58088f7424c03c00f8606

  • SSDEEP

    98304:nrZ4K5M+XD7iIewG+x6xZ14DC17DVqFJU:rZ4K5M6GIzv+Z1+iD4bU

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive profile data.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks