General

  • Target

    2024-10-21_29b2d4fe10aa7b1ac5cd22d7b5cd7b62_cobalt-strike_ryuk

  • Size

    1.7MB

  • Sample

    241021-ljtwtszgqr

  • MD5

    29b2d4fe10aa7b1ac5cd22d7b5cd7b62

  • SHA1

    fdf3ab6aa2b9dfbe03af62c8539a470f6daed9fe

  • SHA256

    51c09c83b23e95da67b3ba6f227cda5b152dd87a12480e22637cb70ddfae6ea0

  • SHA512

    576b23259ec2ab32db15314e37b627c0f985252bf152f1ad7d8d75efd8e77f73c6081eb914c8c87c04e8650addebffdcf8ac66b0a7006b058c4cd95621e8ea36

  • SSDEEP

    49152:74f65cTlG8AMHcn3obb0PBgFIDRRAubt5M:7SG8AM8iUf
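The hashes above are the report's identifiers for the sample. The following helper is an added example (not part of the sandbox output) that computes all four digests of a local file in one streamed pass and checks them against the values listed in the General section; the SSDEEP value is not checked because fuzzy hashing needs a third-party library. Any file path passed to it is the operator's own; the only constants baked in are the digests copied from this page.

```python
"""Check whether a local file is the sample described by this report.

Added example: computes MD5/SHA1/SHA256/SHA512 in a single pass over the
file and compares them with the digests listed in the General section.
"""
import hashlib
from typing import Dict

# Digests copied verbatim from the General section of the report.
REPORT_HASHES = {
    "md5": "29b2d4fe10aa7b1ac5cd22d7b5cd7b62",
    "sha1": "fdf3ab6aa2b9dfbe03af62c8539a470f6daed9fe",
    "sha256": "51c09c83b23e95da67b3ba6f227cda5b152dd87a12480e22637cb70ddfae6ea0",
    "sha512": "576b23259ec2ab32db15314e37b627c0f985252bf152f1ad7d8d75efd8e77f73"
              "c6081eb914c8c87c04e8650addebffdcf8ac66b0a7006b058c4cd95621e8ea36",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _new_hashers():
    return {name: hashlib.new(name) for name in ALGORITHMS}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """All four hex digests of an in-memory buffer."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """All four hex digests of a file, read once in chunks (a 1.7MB sample
    fits in memory, but the same code handles multi-GB drops)."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(observed: Dict[str, str],
                    expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm verdict; hex case differences are ignored."""
    return {name: observed[name].lower() == expected[name].lower()
            for name in expected if name in observed}


def is_report_sample(observed: Dict[str, str]) -> bool:
    """True only when every digest the report lists matches. MD5 and SHA1 are
    collision-prone on their own, so a single weak-hash match is not enough."""
    verdicts = compare_digests(observed, REPORT_HASHES)
    return len(verdicts) == len(REPORT_HASHES) and all(verdicts.values())


if __name__ == "__main__":
    import sys
    digests = digest_file(sys.argv[1])
    for name, ok in compare_digests(digests, REPORT_HASHES).items():
        print(f"{name:7} {'MATCH' if ok else 'DIFF '} {digests[name]}")
    print("sample matches report" if is_report_sample(digests)
          else "not the sample this report describes")
```

Run it as `python check_sample.py <file>`; a mismatch on SHA256 while MD5 matches would indicate a different file, so the verdict requires all listed digests to agree rather than trusting the weaker hashes alone.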

Malware Config

Targets

    • Target

      2024-10-21_29b2d4fe10aa7b1ac5cd22d7b5cd7b62_cobalt-strike_ryuk

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest browser profile data, which includes saved credentials, cookies and session tokens, autofill entries and browsing history.

    • Drops file in System32 directory
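Three of the behaviours above (a file written under System32, a dropped EXE later executed, a dropped DLL later loaded) can be reproduced from endpoint telemetry by correlating file creation with later process creation and image load. The correlator below is an added example, not the sandbox's own signature logic, written over constructed Sysmon-style events (IDs 11 FileCreate, 1 ProcessCreate, 7 ImageLoad); every path, PID and file name in it is hypothetical. "Reads user/profile data of web browsers" is not covered because Sysmon does not log file reads; that behaviour needs API-level monitoring.

```python
"""Correlate dropped-file behaviour from Sysmon-style events.

Added example with constructed events; paths, PIDs and names are hypothetical
and are not indicators from the analysed sample.
"""
from typing import Dict, List

SYSTEM32_PREFIX = "c:\\windows\\system32\\"

# Constructed event stream in the shape of Sysmon 11 / 1 / 7 records.
EVENTS = [
    {"id": 11, "pid": 4100, "image": "C:\\Users\\a\\Downloads\\sample.exe",
     "target": "C:\\Windows\\System32\\dropped.exe"},
    {"id": 11, "pid": 4100, "image": "C:\\Users\\a\\Downloads\\sample.exe",
     "target": "C:\\Users\\a\\AppData\\Local\\Temp\\dropped.dll"},
    {"id": 1, "pid": 4212, "ppid": 4100,
     "image": "C:\\Windows\\System32\\dropped.exe"},
    {"id": 7, "pid": 4212, "image": "C:\\Windows\\System32\\dropped.exe",
     "loaded": "C:\\Users\\a\\AppData\\Local\\Temp\\dropped.dll"},
    # A system DLL loaded by the same process must not trigger the rule.
    {"id": 7, "pid": 4212, "image": "C:\\Windows\\System32\\dropped.exe",
     "loaded": "C:\\Windows\\System32\\kernel32.dll"},
]


def _norm(path: str) -> str:
    """Windows paths are case-insensitive; normalise before comparing."""
    return path.lower()


def correlate(events) -> Dict[str, List[str]]:
    """Replay events in order and return the paths behind each behaviour.

    Order matters: a process create or image load only counts if the file
    was created earlier in the stream, which is what "dropped" means.
    """
    dropped = set()
    hits = {"drops_in_system32": [],
            "executes_dropped_exe": [],
            "loads_dropped_dll": []}
    for ev in events:
        if ev["id"] == 11:                      # FileCreate
            target = _norm(ev["target"])
            dropped.add(target)
            if target.startswith(SYSTEM32_PREFIX):
                hits["drops_in_system32"].append(ev["target"])
        elif ev["id"] == 1:                     # ProcessCreate
            if _norm(ev["image"]) in dropped:
                hits["executes_dropped_exe"].append(ev["image"])
        elif ev["id"] == 7:                     # ImageLoad
            if _norm(ev["loaded"]) in dropped:
                hits["loads_dropped_dll"].append(ev["loaded"])
    return hits


if __name__ == "__main__":
    for behaviour, paths in correlate(EVENTS).items():
        print(f"{behaviour:22} {paths}")
```

The `dropped` set is keyed on the normalised target path only, so a DLL written by one process and loaded by another still counts; tighten it to (path, pid) if parent-child attribution is required, and feed it real events by mapping Sysmon's `TargetFilename`, `Image` and `ImageLoaded` fields onto the `target`, `image` and `loaded` keys used here.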

MITRE ATT&CK Enterprise v15

Tasks