azov | f22130568e8b133f8ee26ad002e3f3323cd1c7f6e1025f0fd27c5977fbe3e67a | Triage

Sharing

General

Target

2024-04-19_2545f67c8e64a3155e2b38af93be2384_ryuk
Size

2.8MB
Sample

240420-adyr2sbh7z
MD5

2545f67c8e64a3155e2b38af93be2384
SHA1

9834ed79f230a41458abd7e20b3c61cd05579f84
SHA256

f22130568e8b133f8ee26ad002e3f3323cd1c7f6e1025f0fd27c5977fbe3e67a
SHA512

a91974ac6817f23242ec998e2d0d91b5a6e7c414997b2cb00db76ec215e96189157b2ab1fbd5acb5a6e76c1e242c827424d8b8169bdfc6990a652a421b5c5d12
SSDEEP

49152:CXYdaHvN8kHa507NUUWn043oHS3fvYwVq1/xT3DDbw0TUqy+Nwd:8WohS3Yw8yGE

Score

10^/10

azov persistence ransomware spyware stealer wiper

Malware Config

Targets

- Target
  
  2024-04-19_2545f67c8e64a3155e2b38af93be2384_ryuk
- Size
  
  2.8MB
- MD5
  
  2545f67c8e64a3155e2b38af93be2384
- SHA1
  
  9834ed79f230a41458abd7e20b3c61cd05579f84
- SHA256
  
  f22130568e8b133f8ee26ad002e3f3323cd1c7f6e1025f0fd27c5977fbe3e67a
- SHA512
  
  a91974ac6817f23242ec998e2d0d91b5a6e7c414997b2cb00db76ec215e96189157b2ab1fbd5acb5a6e76c1e242c827424d8b8169bdfc6990a652a421b5c5d12
- SSDEEP
  
  49152:CXYdaHvN8kHa507NUUWn043oHS3fvYwVq1/xT3DDbw0TUqy+Nwd:8WohS3Yw8yGE
Score

10^/10

azov persistence ransomware spyware stealer wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Renames multiple (8300) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azovpersistenceransomwarespywarestealerwiper

behavioral2

azovpersistenceransomwarespywarestealerwiper