a570a7c27ab10595ae8d850ff72e02aa473a7f2b858603c963df513ebdf67227 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

Azurite Se...12.exe

windows10-2004-x64

5

Azurite Se...12.exe

windows11-21h2-x64

9

Sharing

General

Target

Azurite Setup 1.1.12.exe
Size

111.3MB
Sample

240525-rhy22sfd2z
MD5

4848ad03ab3dd1c09aaf5ace18a55f36
SHA1

f8f65216cdff313730ce23cb98d3302aad8b403b
SHA256

a570a7c27ab10595ae8d850ff72e02aa473a7f2b858603c963df513ebdf67227
SHA512

6d926a9674e0ea3130323e725289ea54c31c9e2be4745a8f407d32fe91cac8ca7ffa97d0c107de3d293c8aa990e44f901e322e342eb01d3e7968b880b2d026c3
SSDEEP

3145728:5gFkGgcymcNLCSBsFkGNnSjejR0XL4pPV:KCLCSmZn+V09

Score

9^/10

discovery evasion execution ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Azurite Setup 1.1.12.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

10 signatures

300 seconds

Behavioral task

behavioral2

Sample

Azurite Setup 1.1.12.exe

Resource

win11-20240426-en

discovery evasion execution ransomware

windows11-21h2-x64

18 signatures

300 seconds

Malware Config

Targets

- Target
  
  Azurite Setup 1.1.12.exe
- Size
  
  111.3MB
- MD5
  
  4848ad03ab3dd1c09aaf5ace18a55f36
- SHA1
  
  f8f65216cdff313730ce23cb98d3302aad8b403b
- SHA256
  
  a570a7c27ab10595ae8d850ff72e02aa473a7f2b858603c963df513ebdf67227
- SHA512
  
  6d926a9674e0ea3130323e725289ea54c31c9e2be4745a8f407d32fe91cac8ca7ffa97d0c107de3d293c8aa990e44f901e322e342eb01d3e7968b880b2d026c3
- SSDEEP
  
  3145728:5gFkGgcymcNLCSBsFkGNnSjejR0XL4pPV:KCLCSmZn+V09
Score

9^/10

discovery evasion execution ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Drops desktop.ini file(s)
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

discoveryevasionexecutionransomware

© 2018-2024

Terms | Privacy