MalwareAnalysisSeries

This repository contains analysis reports, technical details and any tools created to help with malware analysis. It also contains the TTPs extracted from each sample, with code that reproduces them and the corresponding detection rules.


Project maintained by shaddy43

Ryuk Ransomware

Ryuk Ransomware Image

This analysis report provides a detailed examination of the Ryuk ransomware, a sophisticated threat that combines a high-speed multi-threaded encryptor with AES and RSA: files are encrypted with AES, and the per-file AES keys are protected with RSA so that only the operators holding the private key can recover them. Ryuk also employs process injection, injecting its encryptor into many running processes so that encryption proceeds concurrently, which significantly increases the speed of infection.

Ryuk Ransomware Analysis PDF Report



This repo provides the original Ryuk sample along with its extracted Stage2 sample. A third sample is also provided (stage2_injector_defanged.rar), patched so that it does not inject into other processes. The password for all archives is "infected".

A list of the extracted APIs is provided in the API_list text file in the "tools_and_scripts" directory.

Ryuk Ransomware TTPs

TTP | Description | Code | Detection
--- | --- | --- | ---
Impact: Data Encrypted for Impact | Ryuk encrypts every file with a different key and embeds the encrypted key as metadata at the end of each encrypted file | Code | Rule/Query coming soon
More TTPs coming soon | | Code coming soon | Rule/Query coming soon
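The per-file key scheme described in the table, as an added example (this is not code from the repository and not Ryuk's own implementation): every file gets a fresh random AES key, that key is wrapped with the operators' RSA public key, and the wrapped key is appended to the ciphertext as a footer. The `KEYMETA` marker, the footer layout (ciphertext, marker, wrapped key, 4-byte length), AES-256 in CTR mode and RSA-OAEP are assumptions made for illustration; the page does not give Ryuk's real layout or key sizes. The footer parser doubles as the check a triage script would run to flag files that carry such a footer, and `decryptFile` shows why the scheme only reverses with the private key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// footerMarker is a constructed tag for this example, not Ryuk's real footer.
// Assumed layout: ciphertext || marker || wrappedKey || uint32 big-endian len(wrappedKey)
var footerMarker = []byte("KEYMETA")

const aesKeyLen = 32 // AES-256, an assumed key size

// newKeyPair generates the (illustrative) operator RSA key pair.
func newKeyPair() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// encryptFile applies the per-file key pattern: random AES key and IV for this
// file only, body encrypted with AES-CTR, IV||key wrapped with RSA-OAEP and
// appended so the file itself carries everything the private-key holder needs.
func encryptFile(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	ivKey := make([]byte, aes.BlockSize+aesKeyLen)
	if _, err := io.ReadFull(rand.Reader, ivKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(ivKey[aes.BlockSize:])
	if err != nil {
		return nil, err
	}
	body := make([]byte, len(plaintext))
	cipher.NewCTR(block, ivKey[:aes.BlockSize]).XORKeyStream(body, plaintext)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, ivKey, nil)
	if err != nil {
		return nil, err
	}
	var out bytes.Buffer
	out.Write(body)
	out.Write(footerMarker)
	out.Write(wrapped)
	binary.Write(&out, binary.BigEndian, uint32(len(wrapped)))
	return out.Bytes(), nil
}

// splitFooter parses an encrypted file from the end: length, wrapped key, marker.
// Any file that parses cleanly is a candidate hit for triage.
func splitFooter(data []byte) (body, wrapped []byte, err error) {
	if len(data) < 4 {
		return nil, nil, errors.New("too short for a footer")
	}
	end := len(data) - 4
	n := int(binary.BigEndian.Uint32(data[end:]))
	if n <= 0 || n > end-len(footerMarker) {
		return nil, nil, errors.New("implausible wrapped-key length")
	}
	markerStart := end - n - len(footerMarker)
	if !bytes.Equal(data[markerStart:markerStart+len(footerMarker)], footerMarker) {
		return nil, nil, errors.New("footer marker missing")
	}
	return data[:markerStart], data[end-n : end], nil
}

// hasKeyFooter is the detection-side check: does this file carry the footer?
func hasKeyFooter(data []byte) bool {
	_, _, err := splitFooter(data)
	return err == nil
}

// decryptFile reverses the scheme; it needs the RSA private key to unwrap IV||key.
func decryptFile(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	body, wrapped, err := splitFooter(data)
	if err != nil {
		return nil, err
	}
	ivKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if err != nil || len(ivKey) != aes.BlockSize+aesKeyLen {
		return nil, errors.New("cannot unwrap per-file key")
	}
	block, err := aes.NewCipher(ivKey[aes.BlockSize:])
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(body))
	cipher.NewCTR(block, ivKey[:aes.BlockSize]).XORKeyStream(out, body)
	return out, nil
}

func main() {
	priv := newKeyPair()
	doc := []byte("constructed sample document") // constructed input, not a real file
	a, _ := encryptFile(&priv.PublicKey, doc)
	b, _ := encryptFile(&priv.PublicKey, doc)
	_, ka, _ := splitFooter(a)
	_, kb, _ := splitFooter(b)
	plain, err := decryptFile(priv, a)
	fmt.Printf("footer: %v, keys differ: %v, roundtrip: %q, err: %v\n",
		hasKeyFooter(a), !bytes.Equal(ka, kb), plain, err)
}
```

Two points worth noticing: the same plaintext encrypted twice yields different wrapped keys, which is why recovering one file's key does not help with the next, and `splitFooter` rejects a file whose footer has been truncated by even one byte, so a triage script should treat parse failures as "not this footer" rather than as corruption.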