surtr | 2025-03-06_6c2b5d1e5204f83e16265da3600d48e0_ryuk | Triage

Sharing

General

Target

2025-03-06_6c2b5d1e5204f83e16265da3600d48e0_ryuk
Size

1.3MB
MD5

6c2b5d1e5204f83e16265da3600d48e0
SHA1

dc40c80e3444ca688779cd81a2b93964fa909b89
SHA256

805cb28b3e595afe97a6e4ac5051ca11b34d72f4dff2af4581cf74a6b126af43
SHA512

5d2eb6e70eda83e491bbc993eec57c35245a9340f6526e6e0abad3c1ebe0c3457e0efc5c6012463ece384de771bb76b3e3f0cf8357a8e71f7c7ac18d66af4e78
SSDEEP

24576:rdtwbXPGBkNXi/Z479uN0/XuNRMLDy5VURkmqpK1Oshy1ZT2rpo3NahUXz+xRE3n:rxLyEuPFvN/a

Score

10^/10

surtr

Malware Config

Signatures

Detects Surtr Payload 1 IoCs

resource	yara_rule
sample	family_surtr

Surtr family
surtr

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-03-06_6c2b5d1e5204f83e16265da3600d48e0_ryuk

Files

2025-03-06_6c2b5d1e5204f83e16265da3600d48e0_ryuk
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ