azov | c7a7bd1b4c92ecd04a2cee933a616ed9cb567f82d8316bc8ce873a2ab8850d07 | Triage

Sharing

General

Target

c7a7bd1b4c92ecd04a2cee933a616ed9cb567f82d8316bc8ce873a2ab8850d07.exe
Size

604KB
Sample

221117-gvavwadg49
MD5

3577cc6664949243192fd4a5a9d84ef5
SHA1

cd13a72cbe8b86bd93ed3213f69cad8f1d59f5c8
SHA256

c7a7bd1b4c92ecd04a2cee933a616ed9cb567f82d8316bc8ce873a2ab8850d07
SHA512

2a8d0507dd4ae10d765a120bed60001f1370a71132eef8f04bca384843aac285df939ae531062170a3f57ef676f59b7fa88075db9ab33b4f579e96d321a01d7f
SSDEEP

12288:PPNcYhLgtKYU5Js9R2E18xGZn92r3PGFj7mlr:n+euK22EWxG5983eIF

Score

10^/10

azov persistence ransomware wiper

Malware Config

Targets

- Target
  
  c7a7bd1b4c92ecd04a2cee933a616ed9cb567f82d8316bc8ce873a2ab8850d07.exe
- Size
  
  604KB
- MD5
  
  3577cc6664949243192fd4a5a9d84ef5
- SHA1
  
  cd13a72cbe8b86bd93ed3213f69cad8f1d59f5c8
- SHA256
  
  c7a7bd1b4c92ecd04a2cee933a616ed9cb567f82d8316bc8ce873a2ab8850d07
- SHA512
  
  2a8d0507dd4ae10d765a120bed60001f1370a71132eef8f04bca384843aac285df939ae531062170a3f57ef676f59b7fa88075db9ab33b4f579e96d321a01d7f
- SSDEEP
  
  12288:PPNcYhLgtKYU5Js9R2E18xGZn92r3PGFj7mlr:n+euK22EWxG5983eIF
Score

10^/10

azov persistence ransomware wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

azovpersistenceransomwarewiper