Overview

overview

10

Static

static

3

0195976bef...c8.exe

windows10-ltsc 2021-x64

10

Resubmissions

28-01-2025 21:13

250128-z2z3fsvkfn 10

28-01-2025 19:27

250128-x6bjjsyphy 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    240304-vnxmysgg24_pw_infected.zip

  • Size

    89KB

  • Sample

    250128-z2z3fsvkfn

  • MD5

    3f34f76b71276b18f415bb3a3d989c43

  • SHA1

    21bdeff55713432a9b4068f0d2f00dd44ac2a9da

  • SHA256

    8b757a5c244ebda280fcf7eeedb5137809d31a6e0ae09bce13cb6c20ec4163f3

  • SHA512

    c17ae895d6dc70f83973600765de599c81f191eb10b674ddd45ca2cad59e5e7bcf30e1e9493214a5653701d121e0b3c7254a838b6e873026e4cfcd19da7ea3da

  • SSDEEP

    1536:jRcNCjAeNAGcUcBfXrab1MQiYxWnxQt+hLFAlK0WE5Q4+etT/yj4lu+Fc1MvBDfs:9cEqGXcdab1jx4OAhWTcZQZv9s

Score
10/10
ryukdiscoveryransomware

Malware Config

Extracted

Path

F:\RyukReadMe.txt

Family

ryuk

Ransom Note
Your network has been penetrated. All files on each network host have been encrypted with a strong algorithm. Backups were encrypted too. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. Only we have exclusive decryption software, suitable for your situation. More than a year ago, world experts recognized the impossibility of such encryption deciphering by any means except the original decoder. No decryption software is available in the public. Antivirus companies, researchers, IT specialists, and any other persons cannot help you to decipher the data. Decryption takes from ten minutes up to several hours. It is performed automatically and doesn't require from you any actions except decoder launching. DO NOT RESET OR SHUTDOWN SYSTEM � files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions. Send 2 different random files and you will get them back decrypted. It can be from different computers on your network to be sure that one key decrypts everything. We will unlock 2 files for free. To get info (decrypt your files) contact us a [email protected] or [email protected] You will receive btc address for payment in the reply letter Ryuk No system is safe

Targets

    • Target

      0195976bef64857fc4c658d47e08463c1c733a879b793642813df10904c3a8c8

    • Size

      212KB

    • MD5

      9951b7f5344d5d0e6728f90c1ffd0a3f

    • SHA1

      5252a37cc0c4171f6261fbcc418d4fca83f0a543

    • SHA256

      0195976bef64857fc4c658d47e08463c1c733a879b793642813df10904c3a8c8

    • SHA512

      2ce934dbeb9888e8125856d0158f23a6c5d007a55f9d71287e308bcf312674642496a1f2aadfe276361b5c4945e37a5c3edde3be83dbdb8d531123fb2335f50f

    • SSDEEP

      3072:skoemwJEECCvcVbQQFrUoR19V6To0Hqs3WvQ:ZEECCElQk3wqFQ

    Score
    10/10
    ryukdiscoveryransomware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Ryuk family

      ryuk

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops desktop.ini file(s)

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks