General
Target: 2025-01-11_bff384aa2ad790c0b2d9e6cead6e6f19_cobalt-strike_ryuk
Size: 1.9MB
Sample: 250111-b8pcjazqdj
MD5: bff384aa2ad790c0b2d9e6cead6e6f19
SHA1: 66cd01171e006bbe655cda0364ee9aff631384af
SHA256: 1a9978c82715c31612a9b3e885b3a5aec050645913d4546217768fa763d33142
SHA512: 962096259e2cc5d96b676019e872847cbcbbb30eb2642160374a9095bb122d94aae6bdd4b5391069cbb21723ea073379cf8dc01e1bb8f00e07493beb2f516c00
SSDEEP: 24576:Mix5BM9/ea/bxXK/lgyPVDMPKe51kc/XiqPNuMeZLc7dKifbTu1KAQilof9N3gCk:MoBMb/N8P2S/cetc7drbcKZdfo

Static task: static1
Behavioral task: behavioral1
Sample: 2025-01-11_bff384aa2ad790c0b2d9e6cead6e6f19_cobalt-strike_ryuk.exe
Resource: win7-20240903-en
Malware Config
Extracted
meduza
209.127.36.90
anti_dbg: true
anti_vm: true
build_name: 123
extensions: .txt; .doc; .xlsx
grabber_max_size: 4.194304e+06
port: 15666
self_destruct: false
Targets
Target: 2025-01-11_bff384aa2ad790c0b2d9e6cead6e6f19_cobalt-strike_ryuk
- Meduza Stealer payload
- Meduza family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext