General

  • Target

    2024-11-11_2d17f0e0ebb5de4dbe37003dd9f5792c_cova_ryuk

  • Size

    378KB

  • Sample

    241111-zsa2zawfqf

  • MD5

    2d17f0e0ebb5de4dbe37003dd9f5792c

  • SHA1

    9566913c13de464f1b34edd07e6f1c69502745ce

  • SHA256

    fd3817c82e049f59fae9e4cbf76964475c8a61b36b694b21ef059241bbc3b56e

  • SHA512

    a5d7dd5770d8002b4a2bd0b14b6813de15e9ebea1d09274274aac6c7310822fd08ee87edb807d88960ec4a38d3b6e8ec135eca7924b38fcae2bb097be787d679

  • SSDEEP

    6144:Y1+tq7z8x95VjwvvGmclZeL92BF1BRn296JTHgOcT3Ob/2e1S8UOX+t45oB:YctEagGmcl4gBF1BRnI6hAVebOe1qOXA

Malware Config

Targets

    • Target

      2024-11-11_2d17f0e0ebb5de4dbe37003dd9f5792c_cova_ryuk

    • Modifies Windows Firewall

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks