General
Target: 2025-01-19_b730073cf9343544bc7cd0f23e1e3175_ryuk
Size: 1.5MB
Sample: 250119-y736mavnbp
MD5: b730073cf9343544bc7cd0f23e1e3175
SHA1: d8b18100ca5926133c478c3bb5d2e2ed2ca70d8a
SHA256: 5699299b104cce9950604a4252705e59f5f5418d5a3638de2068a48367ddb33f
SHA512: 8a5bf3e6a049ee717a38ae22e07ddb695f33b29161bc2dcb4b39d7859a775d4bba6b5e38e8f6fa5802996d1d2d3fae083bd932dd3ffe3e0649bb1d2101c7e109
SSDEEP: 24576:9iBE0LqwXeAVmYisqjnhMgeiCl7G0nehbGZpbD:xG5Xe6XmDmg27RnWGj
Static task: static1
Behavioral task: behavioral1
Sample: 2025-01-19_b730073cf9343544bc7cd0f23e1e3175_ryuk.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2025-01-19_b730073cf9343544bc7cd0f23e1e3175_ryuk.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Executes dropped EXE

Drops file in System32 directory