General

  • Target

    2024-11-12_f1195e27aa5eb08f696066917d8b2f8a_cobalt-strike_ryuk

  • Size

    1.8MB

  • Sample

    241112-tylsrszlbr

  • MD5

    f1195e27aa5eb08f696066917d8b2f8a

  • SHA1

    eadfaae41b5fa335cc10828c88914ca38c0dc32a

  • SHA256

    94162d0e32d98e4268c9a5b084c5376f43c19d34e16f08c5a9aadbdb821e7c84

  • SHA512

    759ab1de73ec5ead20c503b128f66e8bf706cc9de462c3e98b9485c670a6be20900273bd2cb240432642ec66b8dc6414f5d32868c9abff8e78e74402722f13ef

  • SSDEEP

    49152:WKfuPS3ELNjV7IZxEfOfOgwf00LkQ/qoLEw:hm9sZxwgGqo4w

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks