MalwareAnalysisSeries
This repository contains the analysis reports, technical details or any tools created for helping in malware analysis. Additionally, the repo contains extracted TTPs with code along with the detection rules
Project maintained by shaddy43 Hosted on GitHub Pages — Theme by mattgraham
Ryuk Ransomware
This analysis report provides a detailed examination of the Ryuk ransomware, a sophisticated threat leveraging a potent combination of a high-speed multi-threaded encryptor, AES, and RSA encryption algorithms. Ryuk employs advanced techniques such as process injection, significantly increasing the speed of infection by exploiting a multitude of processes concurrently.
Ryuk Ransomware Analysis PDF Report
In this repo, the original sample of Ryuk is provided along with its extracted Stage2 sample. A third sample is also provided (stage2_injector_defanged.rar) which is patched to avoid injecting in other processes. The password is “infected” for all archieves.
A list of extraced API’s are provide in the API_list text file in directory “tools_and_scripts”.
Ryuk Ransomware TTPs
| TTP | Description | Code | Detection |
|---|---|---|---|
| Impact: Data Encrypted for Impact | Ryuk Ransomware encrypts every file with a different key and embed the encrypted key as meta to the end of each encrypted file | Code | Rule/Query Coming Soon! |
| TTPs | More coming soon... | Code coming soon... | Rule\Query coming soon... |