General

  • Target

    2024-11-08_45afb8e093b7ab1794807114d9f16653_cobalt-strike_ryuk

  • Size

    6.2MB

  • Sample

    241108-rsk8yawndm

  • MD5

    45afb8e093b7ab1794807114d9f16653

  • SHA1

    5cc5e6fe4dc873c4a8e9e4e5611547fc6d1e5380

  • SHA256

    e65364d8dd1047eabfa29eb8b08970d0571c03edc9cd4d0094ad11a548a98f14

  • SHA512

    06f1bf52592a182644a904def75e4f3b74df73c879bb30242892cd6fda07907872fc2c3135972262538ae00b05d04ca05e13b30560ed68b17ed829b9881025d2

  • SSDEEP

    98304:naNewOzj/0I/v7lyCsDkV/i+3Kf7SWD527BWG:namRxsDt+3KfBVQBWG

Malware Config

Targets

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks