General

  • Target

    2024-10-21_393e33110ee192b6bea5d2433bbe1fb1_cobalt-strike_ryuk

  • Size

    2.2MB

  • Sample

    241021-llyb2aydnc

  • MD5

    393e33110ee192b6bea5d2433bbe1fb1

  • SHA1

    489bddd76747e6d7b5d8b2c2426693c22194c09c

  • SHA256

    962e764591d0113527c2030305c972f75b31b1659ee8d2ccdc1fc25af0fe3133

  • SHA512

    5af39e5597b4cb3b231440409f26e257cc13192c25e1f59390b6fa6db31583b51681a89c8a1460e4d5555eed1e3be035f321a0deb91bc6d4bbe593d369bd0ae0

  • SSDEEP

    49152:KfzabJ8llj+SWPi2mkx+X+di6ErvL73RLSo+2fhl:PHi2arvvRe12fD

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks