General

  • Target

    2025-01-19_6331546946746cdb03702f23e38aab46_cobalt-strike_ryuk

  • Size

    5.4MB

  • Sample

    250119-ys6m7stqdj

  • MD5

    6331546946746cdb03702f23e38aab46

  • SHA1

    72024b3d186192441b010f0e904997671c3f6d6a

  • SHA256

    4415ea1801a72507503a642fd84aeba529269b079edc2c522fba9d01b4acf320

  • SHA512

    db93e5d734150b04ec6f2985a47ae31d2c7ce0bcc91d4b8b6a8f20a3fcf9f753a123dd6bbbd7e37e1c08d044007f5202ef53074293c4f9b814f7f9be6d28e369

  • SSDEEP

    49152:50kwIi7c4xZlm5knEtw99Kn/2vim7vgv6m+yyJ/0gbvjy7yY7BHi3u7L/gBUUWL8:JwfhY7g/rLO7yYA3awr341g4D527BWG

Malware Config

Targets

    • Target

      2025-01-19_6331546946746cdb03702f23e38aab46_cobalt-strike_ryuk

    • Size

      5.4MB

    • MD5

      6331546946746cdb03702f23e38aab46

    • SHA1

      72024b3d186192441b010f0e904997671c3f6d6a

    • SHA256

      4415ea1801a72507503a642fd84aeba529269b079edc2c522fba9d01b4acf320

    • SHA512

      db93e5d734150b04ec6f2985a47ae31d2c7ce0bcc91d4b8b6a8f20a3fcf9f753a123dd6bbbd7e37e1c08d044007f5202ef53074293c4f9b814f7f9be6d28e369

    • SSDEEP

      49152:50kwIi7c4xZlm5knEtw99Kn/2vim7vgv6m+yyJ/0gbvjy7yY7BHi3u7L/gBUUWL8:JwfhY7g/rLO7yYA3awr341g4D527BWG

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks