Overview

overview

10

Static

static

3

650f0d694c...7e.exe

windows7-x64

10

650f0d694c...7e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2ce843364c8f6072de5759368c123f7b2924aa2c11d68d9394ea1e192b76fa18

  • Size

    20KB

  • Sample

    240419-w5y3sach51

  • MD5

    2009a024db69830d3e2154199c547bed

  • SHA1

    560e504a951149d8eb7a90c8d087ea45cd2fde40

  • SHA256

    2ce843364c8f6072de5759368c123f7b2924aa2c11d68d9394ea1e192b76fa18

  • SHA512

    dce54ff6aefe4313fc12f762f7dd10b9040194aa43ede0b3f462f841bfbc68b1608c5ce6aad1b2adaf8da9108ab8de87bb50390fc086a7b4a6c75e32f5e06c8b

  • SSDEEP

    384:M3rwXkBPhpIgTiKmU37CcprBcOyTG/fOphJTSK3U5VaQis4kOzm7N7f:sqkB5RTDmUZzcOyTG/f0hJT2Us6mRT

Score
10/10
azovpersistenceransomwarespywarestealerwiper

Malware Config

Targets

    • Target

      650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e

    • Size

      32KB

    • MD5

      7129291fc3d97377200f8a24ad06930a

    • SHA1

      3f858d2837529e6c973ffa7c26c643e9748e7282

    • SHA256

      650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e

    • SHA512

      6bd4537a79f839c2964a814eed2fd5c217a969632e267afbe028b04a91a410abd594fb45bf1cba954f8be71e6041a923e932994754fcd46cc71a0bbaf4a932a1

    • SSDEEP

      384:s+ImkKRjvD/XlXPRPNTEUZytgSisYuaDhcWNDkSIvrfPxLCk9Hf/z:WKRjvTXlXPRNTRZ6hisYugcXjfNCkl

    Score
    10/10
    azovpersistenceransomwarespywarestealerwiper

    • Azov

      A wiper seeking only damage, first seen in 2022.

      ransomwarewiperazov

    • Renames multiple (8106) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks