azov | ef4f9158cd675550869df82d864c97a6f8984896dd7941366845aeb32588ef13 | Triage

Sharing

General

Target

ef4f9158cd675550869df82d864c97a6f8984896dd7941366845aeb32588ef13.exe
Size

7.9MB
Sample

221114-fbn3qaeg89
MD5

d1d8f96f41a624bec2c0a55d874f8518
SHA1

072ec53de45cf1459d4625b01d1ed0ede8199253
SHA256

ef4f9158cd675550869df82d864c97a6f8984896dd7941366845aeb32588ef13
SHA512

95af9fd314afa0257605325b3ee11b4f1e0d19b40d97f3f6df2362d7da11c66af3a52f51b4881dd7e3a40899ce59465ff838bdd7f08c6a2d6db6744e71c43f44
SSDEEP

49152:IyTkZyH/xxHZiE/Qc/YmQd6ZhSOJV6yVucWTSJcHVSIL0Ni//Mpt3SKLAPVgbKWO:Pild6Pb7f/qXM3ih4w3D7nTsReRR9J

Score

10^/10

azov persistence ransomware wiper

Malware Config

Targets

- Target
  
  ef4f9158cd675550869df82d864c97a6f8984896dd7941366845aeb32588ef13.exe
- Size
  
  7.9MB
- MD5
  
  d1d8f96f41a624bec2c0a55d874f8518
- SHA1
  
  072ec53de45cf1459d4625b01d1ed0ede8199253
- SHA256
  
  ef4f9158cd675550869df82d864c97a6f8984896dd7941366845aeb32588ef13
- SHA512
  
  95af9fd314afa0257605325b3ee11b4f1e0d19b40d97f3f6df2362d7da11c66af3a52f51b4881dd7e3a40899ce59465ff838bdd7f08c6a2d6db6744e71c43f44
- SSDEEP
  
  49152:IyTkZyH/xxHZiE/Qc/YmQd6ZhSOJV6yVucWTSJcHVSIL0Ni//Mpt3SKLAPVgbKWO:Pild6Pb7f/qXM3ih4w3D7nTsReRR9J
Score

10^/10

azov persistence ransomware wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

azovpersistenceransomwarewiper