azov | 0527031dd15a1645b0b05b1403c87e4e09084f7c8dbae18477ee2a1be854a1fe | Triage

Sharing

General

Target

2024-02-06_862d52ff6b90af9af29bed0b3369f9cf_ryuk
Size

691KB
Sample

240206-f56vmaabcr
MD5

862d52ff6b90af9af29bed0b3369f9cf
SHA1

73b0a4288ca6cf6298bcec2284b74bbdd314fceb
SHA256

0527031dd15a1645b0b05b1403c87e4e09084f7c8dbae18477ee2a1be854a1fe
SHA512

8a112f456e8f880d6ab0fc696e455afb70886fa65c8f107f579407ef33e3759a06e3401257fe64d9d412b654dbe6ed3105644add53143c14b0c8348bde2093dd
SSDEEP

6144:WN2JM9r9U4fLms97Ys3zJUvPLLHZeLGAid3sc09xJTtP7/F30EGZ7p:WN2JKLms98QzI/GGAidc39MEGp

Score

10^/10

azov persistence ransomware wiper

Malware Config

Targets

- Target
  
  2024-02-06_862d52ff6b90af9af29bed0b3369f9cf_ryuk
- Size
  
  691KB
- MD5
  
  862d52ff6b90af9af29bed0b3369f9cf
- SHA1
  
  73b0a4288ca6cf6298bcec2284b74bbdd314fceb
- SHA256
  
  0527031dd15a1645b0b05b1403c87e4e09084f7c8dbae18477ee2a1be854a1fe
- SHA512
  
  8a112f456e8f880d6ab0fc696e455afb70886fa65c8f107f579407ef33e3759a06e3401257fe64d9d412b654dbe6ed3105644add53143c14b0c8348bde2093dd
- SSDEEP
  
  6144:WN2JM9r9U4fLms97Ys3zJUvPLLHZeLGAid3sc09xJTtP7/F30EGZ7p:WN2JKLms98QzI/GGAidc39MEGp
Score

10^/10

azov persistence ransomware wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azovpersistenceransomwarewiper

behavioral2