ryuk | 7bac5c10d02534007f1efb371885ae3918d21d394371f92d4e6455b58b4e16ad | Triage

Resubmissions

30-01-2025 16:42

250130-t73smsynhn 10

28-01-2025 18:40

250128-xbd17a1kej 10

Sharing

General

Target

240911-aseygssepl_pw_infected.zip
Size

65KB
Sample

250130-t73smsynhn
MD5

8f8be5dfe62044cea1d3f7418b5224c8
SHA1

28644e5303d01e42f80ffdf3a762423c9592b95b
SHA256

7bac5c10d02534007f1efb371885ae3918d21d394371f92d4e6455b58b4e16ad
SHA512

4521f937f81fb0ee82673de4c79e09d50056378f4c00c9b6ce5d68f1a542f20ec527120671d79db65d409829185336262bc7cf8f2ccd2557a4226782c1566fe0
SSDEEP

1536:UP2JsUHlicNKEcYYCE7m/USt/njDG5ixh4Qy26DCkK/0QoUciT30:Q0CNYYCHpG6NcDQ/0Qtlk

Score

10^/10

ryuk credential_access discovery ransomware spyware stealer

Malware Config

Targets

- Target
  
  2024-09-11_13f929e2cc03dbe1780cce33b7dce110_ryuk
- Size
  
  436KB
- MD5
  
  13f929e2cc03dbe1780cce33b7dce110
- SHA1
  
  80c4da8863796f0e1cdbb1e72e8678e679526a4d
- SHA256
  
  dcb9ec0cc6bdce89df3df0c0ca4170829f6897decd78c5365ea6e7802f3c0941
- SHA512
  
  91b0f91be9376884041efcc1aac5eaf5e62c516a48ed7d48c4d2dac5cd23681faba24e088c9131ebfcc1ee60090ba0097dd276a5e235f07cce6c4bf4afa2fd92
- SSDEEP
  
  1536:N9QXhvCxVUzRTco+TlNXKldmmYp3d7Ye58zFFg2fahT5wXwtQyHsWSJcdH4JNMwm:IUDYoGyp3dEe+kIamQIYH4/M
Score

10^/10

ryuk credential_access discovery ransomware stealer spyware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Ryuk family
  ryuk
- Renames multiple (8077) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Drops startup file
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Windows Credential Manager

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ryukcredential_accessdiscoveryransomwarestealer

behavioral2

ryukcredential_accessdiscoveryransomwarespywarestealer