azov | dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91 | Triage

Sharing

General

Target

dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91.exe
Size

189KB
Sample

221114-faj3daeg83
MD5

c8440437385f5d0018a1b47af689d948
SHA1

88ccafc5f1b5d31e6886f34e1176253267ac80d4
SHA256

dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91
SHA512

86832d9cb60792575166dd64582b44d1758f1433b7de09ecae40b66d923a3cb5220604eab44fee460485bdd10a8922b737c998a5c99cfff17e8683bddcd978a8
SSDEEP

3072:RplB7e7MRzRTrPU39BLGiKMll6rmsH5LIJIp+f5CC3CvcZtsSp:DlB7e7WzR/Ps9pK4l6rmoOIp+xWcZtpp

Score

10^/10

azov persistence ransomware wiper

Malware Config

Targets

- Target
  
  dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91.exe
- Size
  
  189KB
- MD5
  
  c8440437385f5d0018a1b47af689d948
- SHA1
  
  88ccafc5f1b5d31e6886f34e1176253267ac80d4
- SHA256
  
  dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91
- SHA512
  
  86832d9cb60792575166dd64582b44d1758f1433b7de09ecae40b66d923a3cb5220604eab44fee460485bdd10a8922b737c998a5c99cfff17e8683bddcd978a8
- SSDEEP
  
  3072:RplB7e7MRzRTrPU39BLGiKMll6rmsH5LIJIp+f5CC3CvcZtsSp:DlB7e7WzR/Ps9pK4l6rmoOIp+xWcZtpp
Score

10^/10

azov persistence ransomware wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

azovpersistenceransomwarewiper