azov | 3a732b3c5dc21123aa388ca1d7966ca412490f65ac5d05c11d698549a9372993 | Triage

Sharing

General

Target

2024-04-19_1b339b557f7d5291fdafb0c7e9b04a87_ryuk
Size

664KB
Sample

240420-ac55qsbh5z
MD5

1b339b557f7d5291fdafb0c7e9b04a87
SHA1

63455745122b4f7347017552bfd375728d52105c
SHA256

3a732b3c5dc21123aa388ca1d7966ca412490f65ac5d05c11d698549a9372993
SHA512

2ce1b2bf90beffa52f843d5e8d2cb5466e881d060a0ac3307867785992b42c744894f51c408064f74415264260c865873e127931883b7c903310ee08f7153ae0
SSDEEP

12288:zs9FFiUSoCU5qJSr1e2UULlrFXII4NZCglApHUzTshEx9ZOpaKGFkFp6woJ:W/SoCU5qJSr1e2UUiI4NZCgl8eTvtO9Y

Score

10^/10

azov persistence ransomware spyware stealer wiper

Malware Config

Targets

- Target
  
  2024-04-19_1b339b557f7d5291fdafb0c7e9b04a87_ryuk
- Size
  
  664KB
- MD5
  
  1b339b557f7d5291fdafb0c7e9b04a87
- SHA1
  
  63455745122b4f7347017552bfd375728d52105c
- SHA256
  
  3a732b3c5dc21123aa388ca1d7966ca412490f65ac5d05c11d698549a9372993
- SHA512
  
  2ce1b2bf90beffa52f843d5e8d2cb5466e881d060a0ac3307867785992b42c744894f51c408064f74415264260c865873e127931883b7c903310ee08f7153ae0
- SSDEEP
  
  12288:zs9FFiUSoCU5qJSr1e2UULlrFXII4NZCglApHUzTshEx9ZOpaKGFkFp6woJ:W/SoCU5qJSr1e2UUiI4NZCgl8eTvtO9Y
Score

10^/10

azov persistence ransomware spyware stealer wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Renames multiple (1685) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azovpersistenceransomwarespywarestealerwiper

behavioral2

azovpersistenceransomwarewiper