General
-
Target
2024-11-28_b955a003f7365e8c50687d0901d9dbf8_ryuk
-
Size
161KB
-
Sample
241128-bnrbdsyngv
-
MD5
b955a003f7365e8c50687d0901d9dbf8
-
SHA1
760314c901d81a85f74213185d2a28eec4f2007b
-
SHA256
26f90bcfd6a4439369da73ceebea471fdc8d5cdaca9c1ce260b43b3410ef77d2
-
SHA512
50395286d5b5e65538cfb7c15c46cb5c718ea106571fe6700c123e3e974dd6a5520971699daa0c4b762f2e1e5d9e334b37fac2260e8f2b84abed8a4cb8b03061
-
SSDEEP
3072:DzpdNvL55JguE/075wkp/rJWT2fmFSYaz86VFbBBJfq9YaQ6OvL8:HT955Jxi07T5rJBfmI0X
Malware Config
Targets
-
-
Target
2024-11-28_b955a003f7365e8c50687d0901d9dbf8_ryuk
-
Size
161KB
-
MD5
b955a003f7365e8c50687d0901d9dbf8
-
SHA1
760314c901d81a85f74213185d2a28eec4f2007b
-
SHA256
26f90bcfd6a4439369da73ceebea471fdc8d5cdaca9c1ce260b43b3410ef77d2
-
SHA512
50395286d5b5e65538cfb7c15c46cb5c718ea106571fe6700c123e3e974dd6a5520971699daa0c4b762f2e1e5d9e334b37fac2260e8f2b84abed8a4cb8b03061
-
SSDEEP
3072:DzpdNvL55JguE/075wkp/rJWT2fmFSYaz86VFbBBJfq9YaQ6OvL8:HT955Jxi07T5rJBfmI0X
Score8/10-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Modifies file permissions
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Modifies termsrv.dll
Commonly used to allow simultaneous RDP sessions.
-