MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b1f242aee0eabd4dffea0fe5f08aba60abf7c8d1e4f7fc7357af7f20ccd0204. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Ryuk


Vendor detections: 6



SHA256 hash: 5b1f242aee0eabd4dffea0fe5f08aba60abf7c8d1e4f7fc7357af7f20ccd0204
SHA3-384 hash: 982b10dbba5adb77ed7f005f7e1f2be520062c71b616325bb879594d7279ffc44e3fa6b845cb082c731c29bfeb0451e0
SHA1 hash: 241c9d33d0a0a4ea55e33da25e264612ca965384
MD5 hash: 45898f41cf503d594a008038281b0d48
humanhash: stream-charlie-pasta-mississippi
File name: 5b1f242aee0eabd4dffea0fe5f08aba60abf7c8d1e4f7fc7357af7f20ccd0204.bin
Signature: Ryuk
File size: 278'528 bytes
First seen: 2020-10-27 14:04:41 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e5b44ef262abbb9d728bbe03f8aa847e (2 x Ryuk)
ssdeep: 3072:iySEX2o8a2hdurZX8KnXJ3c3h5TLTb0bnKzQ/xyZavDZInlnYIPZ9G0mwfy:D/mo32bux8xj0jjxXv2+IP96
Threatray: 1 similar samples on MalwareBazaar
TLSH: 75449E98F1A1D572F8B1067015D745276A2F393237A48C7BA3C1463F6A625C0FF27A27
Reporter: Arkbird_SOLG
Tags: Ransomware Ryuk


ArkbirdDevil
Extension -> .aapp

Intelligence


File Origin
# of uploads: 1
# of downloads: 1'760
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 64 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Ryuk
Status: Malicious
First seen: 2020-10-26 01:26:16 UTC
File Type: PE (Exe)
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Ryuk

Executable exe 5b1f242aee0eabd4dffea0fe5f08aba60abf7c8d1e4f7fc7357af7f20ccd0204

(this sample)

Comments