General

  • Target

    2024-11-08_259ed8b436e06e9d0a46973979f1c308_cobalt-strike_ryuk

  • Size

    3.2MB

  • Sample

    241108-sd48yavajd

  • MD5

    259ed8b436e06e9d0a46973979f1c308

  • SHA1

    8755d1c6fc9cb7eec87175e2f327964e61d85681

  • SHA256

    44a4a04dea7eca8a5909b42900a0367f3bd9c188e660e705bcdb12345ab4b509

  • SHA512

    738fe89a19ce52f10156fd0ee3189b9a9e302e735ed4232228b733db0425c9641e216482aff636cf18de9e56a19ef8195d2c103a18e8b883aef88f5d06231931

  • SSDEEP

    49152:V5k1YCdptya507NUUWn043oHS3fTIYwVq1/xT3DDbw0TUqypkQ/qoLEw:1NhSMYw8yBqo4w

Malware Config

Targets

    • Target

      2024-11-08_259ed8b436e06e9d0a46973979f1c308_cobalt-strike_ryuk

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks