General

  • Target

    2024-11-09_7b46939137b9f66ee89924ce5e1f669a_cobalt-strike_ryuk

  • Size

    1.8MB

  • Sample

    241109-y5jn7szrh1

  • MD5

    7b46939137b9f66ee89924ce5e1f669a

  • SHA1

    7d050db0b8a108ea3c3a4643b65f65abcf046e87

  • SHA256

    21d32c8086756e6f866bb00bc32bbe676aa8469d1316c5e76cab9b899be5f0fb

  • SHA512

    e3d59b6a1e56cc6f6781654da5374c0d9b3bce63e0daafe6dad0212b4765cc6f9a0518846730c737020a49db95cab7ca435b79578723e4d3275d33b5ec43c00e

  • SSDEEP

    49152:jKfuPS3ELNjV7IZxEfOfOgwf0/kQ/qoLEw:Qm9sZxwgrqo4w

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks