General

  • Target

    2024-11-14_9e0898e1a4dc99bd4a8050b8b5122965_cobalt-strike_ryuk

  • Size

    1.8MB

  • Sample

    241114-m8w8xsydlj

  • MD5

    9e0898e1a4dc99bd4a8050b8b5122965

  • SHA1

    0f249fc1c182fc2513e5af811e50254761c9ba5b

  • SHA256

    54ea9e40e05ee2a17189ee6646474521223dbccb48e02b3fa2334996c024e30d

  • SHA512

    7b836386e694aa1976a13d903675a79f73713f8dacbc05e111955859931ef530291c17aaaf7ca0aebb9f6f50b549c76e1250302172c140399d7b67e228c4178d

  • SSDEEP

    49152:ZKfuPS3ELNjV7IZxEfOfOgwf04kQ/qoLEw:am9sZxwgYqo4w

Malware Config

Targets

    • Target

      2024-11-14_9e0898e1a4dc99bd4a8050b8b5122965_cobalt-strike_ryuk

    • Size

      1.8MB

    • MD5

      9e0898e1a4dc99bd4a8050b8b5122965

    • SHA1

      0f249fc1c182fc2513e5af811e50254761c9ba5b

    • SHA256

      54ea9e40e05ee2a17189ee6646474521223dbccb48e02b3fa2334996c024e30d

    • SHA512

      7b836386e694aa1976a13d903675a79f73713f8dacbc05e111955859931ef530291c17aaaf7ca0aebb9f6f50b549c76e1250302172c140399d7b67e228c4178d

    • SSDEEP

      49152:ZKfuPS3ELNjV7IZxEfOfOgwf04kQ/qoLEw:am9sZxwgYqo4w

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks