General
-
Target
2024-11-06_84f140df4d83ba2ed489ddb1984e3e0b_darkgate_ryuk
-
Size
26.7MB
-
Sample
241106-drcnhssqgz
-
MD5
84f140df4d83ba2ed489ddb1984e3e0b
-
SHA1
70219674b3c80eba6fa3ea692798c3fae46c9721
-
SHA256
007471ad1d9a3179b37fede9ed3df3c6213e113730f7815402001ce59793a0c7
-
SHA512
c8a950c91f4217532fb950c5be9eb414058f40dd9b901f38bd5e51da54fb00d151fa3e7f0a67b5a52fa437fd9d1fc6d8bf102284f210edaf896fb240d0f26c07
-
SSDEEP
98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzMr:9nwngnwnBRRRVRo
Static task
static1
Behavioral task
behavioral1
Sample
2024-11-06_84f140df4d83ba2ed489ddb1984e3e0b_darkgate_ryuk.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-11-06_84f140df4d83ba2ed489ddb1984e3e0b_darkgate_ryuk.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
2024-11-06_84f140df4d83ba2ed489ddb1984e3e0b_darkgate_ryuk
-
Size
26.7MB
-
MD5
84f140df4d83ba2ed489ddb1984e3e0b
-
SHA1
70219674b3c80eba6fa3ea692798c3fae46c9721
-
SHA256
007471ad1d9a3179b37fede9ed3df3c6213e113730f7815402001ce59793a0c7
-
SHA512
c8a950c91f4217532fb950c5be9eb414058f40dd9b901f38bd5e51da54fb00d151fa3e7f0a67b5a52fa437fd9d1fc6d8bf102284f210edaf896fb240d0f26c07
-
SSDEEP
98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzMr:9nwngnwnBRRRVRo
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-