General
Target: 2024-11-21_852656b9342fa5b987d15b6c01565e60_cova_ryuk
Size: 577KB
Sample: 241121-mvcx5awken
MD5: 852656b9342fa5b987d15b6c01565e60
SHA1: 2a1404ccf09e8c9e616e9f4039d9b98a2e0fa2c8
SHA256: d93f73c6469bd56ad4d1b9d07e4d5b271beb0c012d17c5576b18ebc35588e9ab
SHA512: 68eb9f0b61477978a583b8b5a8b2f3dbd51f7e5c23f6d96a4aec218c64ef5efa6db7be7fd3b7010fcf20607a1ca51cb6689b4e66b1f85e34bfdbedc0739d214d
SSDEEP: 12288:nctEagGmcl4gBF1BRnI6hAVebOe1AFdMpUrMZ9uEIZc0b:aR+cl7X1BRnI6hmebOe1AbHWuEIZcW
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-11-21_852656b9342fa5b987d15b6c01565e60_cova_ryuk.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2024-11-21_852656b9342fa5b987d15b6c01565e60_cova_ryuk.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 2024-11-21_852656b9342fa5b987d15b6c01565e60_cova_ryuk
Score: 7/10

Checks computer location settings
  Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Adds Run key to start application

Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.