General
-
Target
2024-11-11_2d17f0e0ebb5de4dbe37003dd9f5792c_cova_ryuk
-
Size
378KB
-
Sample
241111-zsa2zawfqf
-
MD5
2d17f0e0ebb5de4dbe37003dd9f5792c
-
SHA1
9566913c13de464f1b34edd07e6f1c69502745ce
-
SHA256
fd3817c82e049f59fae9e4cbf76964475c8a61b36b694b21ef059241bbc3b56e
-
SHA512
a5d7dd5770d8002b4a2bd0b14b6813de15e9ebea1d09274274aac6c7310822fd08ee87edb807d88960ec4a38d3b6e8ec135eca7924b38fcae2bb097be787d679
-
SSDEEP
6144:Y1+tq7z8x95VjwvvGmclZeL92BF1BRn296JTHgOcT3Ob/2e1S8UOX+t45oB:YctEagGmcl4gBF1BRnI6hAVebOe1qOXA
Static task
static1
Behavioral task
behavioral1
Sample
2024-11-11_2d17f0e0ebb5de4dbe37003dd9f5792c_cova_ryuk.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-11-11_2d17f0e0ebb5de4dbe37003dd9f5792c_cova_ryuk.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
2024-11-11_2d17f0e0ebb5de4dbe37003dd9f5792c_cova_ryuk
-
Modifies Windows Firewall
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification (2)
Windows File and Directory Permissions Modification (1)
Hide Artifacts (1)
Hidden Files and Directories (1)
Impair Defenses (1)
Disable or Modify System Firewall (1)