General

  • Target

    2025-01-19_1826b10f647eaebd481c9018d4355f0c_cobalt-strike_ryuk

  • Size

    5.9MB

  • Sample

    250119-ngme3svmez

  • MD5

    1826b10f647eaebd481c9018d4355f0c

  • SHA1

    e3a8bd24e30c8638eea463512804d8d7e443dd57

  • SHA256

    6b8ccce1fe29be5c29fb3e68b35fc40734db4d16e6167843d9d41065e388c739

  • SHA512

    f3928dc1eb3f962d2fdd5610649ecbc35875f737ea36c01831c1bdfe3f93edfa9837fba64c27c2a9ac00f37baeb0eed27b8eccc1d8fd3adaf68029939c59afbb

  • SSDEEP

    98304:fu9A2NhAl7kJHt4/Z3jmMm3hndJGDGCmS7:fghsFmMApy

Score
7/10

Malware Config

Targets

    Score
    7/10

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks