Overview

overview

10

Static

static

3

2024-02-06...uk.exe

windows7-x64

10

2024-02-06...uk.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-02-06_6644b207043e5f9619bc108adf28cfd5_ryuk

  • Size

    691KB

  • Sample

    240206-gf8tcsggf7

  • MD5

    6644b207043e5f9619bc108adf28cfd5

  • SHA1

    928b67e8979847a8b44f803db33796e9e61e1f5b

  • SHA256

    0f9c4fe34505fd05076cea25f82898e7c6536458819c981fc91096ef76a4c148

  • SHA512

    ef28a785fbfb1fb01d2afeae8666c5e4f4d2faf467af3ce75e708907a196e90d32e93f43fbe5ef02eda0cd5ebfe8052f0a10a5fb8d7caf002a51f3441a2c6c54

  • SSDEEP

    6144:3N8qNgz9YUOSpns9aT+zP972LLsbhVTVLWRsw09xJTtP7/F30znex29:3N8qgpns9aaz1WMTVLWKT9MKx29

Score
10/10
azovpersistenceransomwarewiper

Malware Config

Targets

    • Target

      2024-02-06_6644b207043e5f9619bc108adf28cfd5_ryuk

    • Size

      691KB

    • MD5

      6644b207043e5f9619bc108adf28cfd5

    • SHA1

      928b67e8979847a8b44f803db33796e9e61e1f5b

    • SHA256

      0f9c4fe34505fd05076cea25f82898e7c6536458819c981fc91096ef76a4c148

    • SHA512

      ef28a785fbfb1fb01d2afeae8666c5e4f4d2faf467af3ce75e708907a196e90d32e93f43fbe5ef02eda0cd5ebfe8052f0a10a5fb8d7caf002a51f3441a2c6c54

    • SSDEEP

      6144:3N8qNgz9YUOSpns9aT+zP972LLsbhVTVLWRsw09xJTtP7/F30znex29:3N8qgpns9aaz1WMTVLWKT9MKx29

    Score
    10/10
    azovpersistenceransomwarewiper

    • Azov

      A wiper seeking only damage, first seen in 2022.

      ransomwarewiperazov

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks