General

  • Target

    2025-01-19_b730073cf9343544bc7cd0f23e1e3175_ryuk

  • Size

    1.5MB

  • Sample

    250119-y736mavnbp

  • MD5

    b730073cf9343544bc7cd0f23e1e3175

  • SHA1

    d8b18100ca5926133c478c3bb5d2e2ed2ca70d8a

  • SHA256

    5699299b104cce9950604a4252705e59f5f5418d5a3638de2068a48367ddb33f

  • SHA512

    8a5bf3e6a049ee717a38ae22e07ddb695f33b29161bc2dcb4b39d7859a775d4bba6b5e38e8f6fa5802996d1d2d3fae083bd932dd3ffe3e0649bb1d2101c7e109

  • SSDEEP

    24576:9iBE0LqwXeAVmYisqjnhMgeiCl7G0nehbGZpbD:xG5Xe6XmDmg27RnWGj

Malware Config

Targets

    • Target

      2025-01-19_b730073cf9343544bc7cd0f23e1e3175_ryuk

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks