azov | f7804b28924475bb1d81a1bd0e9a8da396e8e199aab7584b90e4da5a1b00b49b | Triage

Sharing

General

Target

f7804b28924475bb1d81a1bd0e9a8da396e8e199aab7584b90e4da5a1b00b49b.exe
Size

545KB
Sample

221114-fb9peseg97
MD5

bdcfaa15c2afef3f66a0fdce7fcc1cbd
SHA1

eae325decfa0d906a2a5ca96fe0fa520ef87a79b
SHA256

f7804b28924475bb1d81a1bd0e9a8da396e8e199aab7584b90e4da5a1b00b49b
SHA512

da996cbee230e158bfd55cd3dc063eadfd67c08bcf35be3d5934c853ba4736a232ec63b0fc53b6133deff87e7a6fcfcf0789167bc55011da357110e411d31708
SSDEEP

12288:Ces9JMYkt+FY4QhvblqGNxq9bdPH9KMR+s/:CLkYY4Q1Rr09bdPK6

Score

10^/10

azov persistence ransomware wiper

Malware Config

Targets

- Target
  
  f7804b28924475bb1d81a1bd0e9a8da396e8e199aab7584b90e4da5a1b00b49b.exe
- Size
  
  545KB
- MD5
  
  bdcfaa15c2afef3f66a0fdce7fcc1cbd
- SHA1
  
  eae325decfa0d906a2a5ca96fe0fa520ef87a79b
- SHA256
  
  f7804b28924475bb1d81a1bd0e9a8da396e8e199aab7584b90e4da5a1b00b49b
- SHA512
  
  da996cbee230e158bfd55cd3dc063eadfd67c08bcf35be3d5934c853ba4736a232ec63b0fc53b6133deff87e7a6fcfcf0789167bc55011da357110e411d31708
- SSDEEP
  
  12288:Ces9JMYkt+FY4QhvblqGNxq9bdPH9KMR+s/:CLkYY4Q1Rr09bdPK6
Score

10^/10

azov persistence ransomware wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

azovpersistenceransomwarewiper