General
-
Target
2024-03-02_27b6871781a6f167dc47e5ef5e3a3d6f_ryuk
-
Size
664KB
-
Sample
240302-f6xcksah4z
-
MD5
27b6871781a6f167dc47e5ef5e3a3d6f
-
SHA1
882cf9ffa4f734ed9fa03ffc4b3850eebd2c56a9
-
SHA256
204e1125aab1074be4218c963c61a1dec1af0dd0b8df051f02d38fee15c623a3
-
SHA512
95c37f097eb841f5770cbdcc44b38aebbefcb2a4fb1e4e6903a8b051a841f8dd94a77a4734807685d2c682cc00ea547367684d9986c135d89be1b68a34bc0352
-
SSDEEP
12288:Ts9LjX1SoCU5qJSr1eJYUZ5isO0+ZNtgkAYHUzTshLkwEsYO+:gZSoCU5qJSr1eJYrv0+ZNtgkpeTcC
Malware Config
Targets
-
-
Target
2024-03-02_27b6871781a6f167dc47e5ef5e3a3d6f_ryuk
-
Size
664KB
-
MD5
27b6871781a6f167dc47e5ef5e3a3d6f
-
SHA1
882cf9ffa4f734ed9fa03ffc4b3850eebd2c56a9
-
SHA256
204e1125aab1074be4218c963c61a1dec1af0dd0b8df051f02d38fee15c623a3
-
SHA512
95c37f097eb841f5770cbdcc44b38aebbefcb2a4fb1e4e6903a8b051a841f8dd94a77a4734807685d2c682cc00ea547367684d9986c135d89be1b68a34bc0352
-
SSDEEP
12288:Ts9LjX1SoCU5qJSr1eJYUZ5isO0+ZNtgkAYHUzTshLkwEsYO+:gZSoCU5qJSr1eJYrv0+ZNtgkpeTcC
Score10/10-
Azov
A wiper seeking only damage, first seen in 2022.
-
Renames multiple (1974) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-