General

  • Target

    2025-01-19_1188119ce396bdeb1487e539113d8fb3_cobalt-strike_ryuk

  • Size

    5.4MB

  • Sample

    250119-y1m6tstnev

  • MD5

    1188119ce396bdeb1487e539113d8fb3

  • SHA1

    ba4a8e617cf3085d682351973977b263d4d7f4cb

  • SHA256

    84dbde75d9b9cd4a2b889dffea16c888b556df84af7b16e450318cfd6f7fe481

  • SHA512

    ceaa22d33e0692f2c684ba1feafacd09835744633cb0d576a1840c89b6980f8842ec839a7e99e59f966cf4e4aa55158749bb4131cbc306750dcec4aa9436b6c4

  • SSDEEP

    49152:W0kwIi7c4xZlm5knEtw99Kn/2vim7vgv6m+yyJ/0gbvjy7yY7BHi3u7L/gBUUWL8:AwfhY7g/rLO7yYA3awr341g4D527BWG

Malware Config

Targets

    • Target

      2025-01-19_1188119ce396bdeb1487e539113d8fb3_cobalt-strike_ryuk

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks