General

  • Target

    2024-11-08_1f303d1b642abea67f2155370b1337d2_cobalt-strike_ryuk

  • Size

    1.7MB

  • Sample

    241108-ssledavcqr

  • MD5

    1f303d1b642abea67f2155370b1337d2

  • SHA1

    e8367e24e3a922debe1a299f1052aaa9801e2fbc

  • SHA256

    5885c3e283fda2495acec671445de9e009af882bb48526a8e9016c982cf2ca8a

  • SHA512

    062bca70460a7c643d1c89e0a55617474be829f75458ceea47e6880ee5494c10ebc61b1c691adfe804889620169ae6f434ce22560c3a1d835385eb24c1472ba9

  • SSDEEP

    49152:P4f65cTlG8NMHcn3obb0Px/snji6attJM:PSG8NM8lEnW6at

Malware Config

Targets

    • Target

      2024-11-08_1f303d1b642abea67f2155370b1337d2_cobalt-strike_ryuk

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials.

    • Drops file in System32 directory
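The four behavioural signatures above are what a sandbox derives from the process, file and image-load events it records while the sample runs. The script below is an added example, not code from the report or from the sandbox that produced it: it replays a constructed event trace (process creation, file creation, image load, file read) and maps it onto those same four signatures. The event schema, the process IDs and every path in the trace are assumptions made for illustration; real sandboxes and Sysmon-fed SIEMs use different field names and would need the loop adapted.

```python
"""Map a sandbox event trace onto the behavioural signatures in the report.

Added example, not part of the report. The event format and the sample
trace below are constructed for illustration; field names are assumptions.
"""
import re
from collections import defaultdict

# Files written below System32 by the sample's process tree.
SYSTEM32 = re.compile(r"^c:\\windows\\system32\\", re.IGNORECASE)

# Browser credential/cookie stores (Chromium- and Firefox-style layouts);
# the path fragments are assumptions about typical profile locations.
BROWSER_DATA = re.compile(
    r"(\\google\\chrome\\user data\\.*\\(login data|cookies|web data)$"
    r"|\\microsoft\\edge\\user data\\.*\\(login data|cookies)$"
    r"|\\mozilla\\firefox\\profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$)",
    re.IGNORECASE,
)


def classify(events, sample_pid):
    """Return {signature: [evidence path, ...]} for a list of event dicts.

    Each event: {"ts": int, "event": str, "pid": int, "path": str}, plus
    "parent_pid" for process_create.  Only processes descending from
    sample_pid are considered, and only files that this tree wrote count
    as "dropped", so the browser itself reading its own cookie store, or a
    normal system DLL load, does not fire a signature.
    """
    tree = {sample_pid}          # pids belonging to the sample's process tree
    dropped = set()              # lower-cased paths written by that tree
    hits = defaultdict(list)

    for ev in sorted(events, key=lambda e: e["ts"]):
        kind, pid, path = ev["event"], ev["pid"], ev["path"].lower()

        if kind == "process_create":
            if ev["parent_pid"] in tree:
                tree.add(pid)
                if path in dropped:
                    hits["Executes dropped EXE"].append(ev["path"])
        elif kind == "file_create" and pid in tree:
            dropped.add(path)
            if SYSTEM32.match(path):
                hits["Drops file in System32 directory"].append(ev["path"])
        elif kind == "image_load" and pid in tree:
            if path in dropped and path.endswith(".dll"):
                hits["Loads dropped DLL"].append(ev["path"])
        elif kind == "file_read" and pid in tree:
            if BROWSER_DATA.search(path):
                hits["Reads user/profile data of web browsers"].append(ev["path"])

    return dict(hits)


# Constructed trace (assumption: pid 1000 is the detonated sample).
SAMPLE_PID = 1000
TRACE = [
    {"ts": 1, "event": "process_create", "pid": 1000, "parent_pid": 4,
     "path": r"C:\Users\victim\Desktop\sample.exe"},
    {"ts": 2, "event": "file_create", "pid": 1000,
     "path": r"C:\Windows\System32\wupdsvc.dll"},
    {"ts": 3, "event": "file_create", "pid": 1000,
     "path": r"C:\Users\victim\AppData\Local\Temp\stage2.exe"},
    {"ts": 4, "event": "process_create", "pid": 1100, "parent_pid": 1000,
     "path": r"C:\Users\victim\AppData\Local\Temp\stage2.exe"},
    {"ts": 5, "event": "image_load", "pid": 1100,
     "path": r"C:\Windows\System32\wupdsvc.dll"},
    {"ts": 6, "event": "image_load", "pid": 1100,          # legitimate, not dropped
     "path": r"C:\Windows\System32\kernel32.dll"},
    {"ts": 7, "event": "file_read", "pid": 1100,
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": 8, "event": "file_read", "pid": 1100,
     "path": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"},
    {"ts": 9, "event": "file_read", "pid": 2000,           # unrelated process, ignored
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Cookies"},
]

if __name__ == "__main__":
    for sig, evidence in classify(TRACE, SAMPLE_PID).items():
        print(f"{sig}:")
        for p in evidence:
            print(f"    {p}")
```

The ordering matters: a file must be seen being written by the sample's tree before a later process start or image load of that same path counts as "dropped", which is why the loop sorts on the timestamp first. Tightening the browser-path pattern to the profile stores you actually care about keeps the "Reads user/profile data of web browsers" signature from firing on every read under a browser directory.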

MITRE ATT&CK Enterprise v15

Tasks