General
-
Target
2024-06-06_e260b5fe5606aea8cf2c4ee7270c8e9c_ryuk
-
Size
664KB
-
Sample
240606-eewrasgb4s
-
MD5
e260b5fe5606aea8cf2c4ee7270c8e9c
-
SHA1
00b7e0dc76790e4229191dcb068dba66bfb05654
-
SHA256
cc9914ae1f6dec97bc9f7d957a71b4458e8398a8dcaa10e57083a8605fd7d6b6
-
SHA512
4330f6a075ffb2a6339ab5ce2967a15189f5b0b292940ed0b88c8c428c260dfa9e91858f1fde1229ef4f4765ea1cf57fbbdaaa3550bd8785099b64d1fc5a1e04
-
SSDEEP
12288:us9AfkcSoCU5qJSr1eaVQUBsOeHDUOiEIg3AYHUzTshmh0D3:O/SoCU5qJSr1eIQAwDUOiEIg3NeTd2L
Malware Config
Targets
-
-
Target
2024-06-06_e260b5fe5606aea8cf2c4ee7270c8e9c_ryuk
-
Size
664KB
-
MD5
e260b5fe5606aea8cf2c4ee7270c8e9c
-
SHA1
00b7e0dc76790e4229191dcb068dba66bfb05654
-
SHA256
cc9914ae1f6dec97bc9f7d957a71b4458e8398a8dcaa10e57083a8605fd7d6b6
-
SHA512
4330f6a075ffb2a6339ab5ce2967a15189f5b0b292940ed0b88c8c428c260dfa9e91858f1fde1229ef4f4765ea1cf57fbbdaaa3550bd8785099b64d1fc5a1e04
-
SSDEEP
12288:us9AfkcSoCU5qJSr1eaVQUBsOeHDUOiEIg3AYHUzTshmh0D3:O/SoCU5qJSr1eIQAwDUOiEIg3NeTd2L
Score10/10-
Azov
A wiper seeking only damage, first seen in 2022.
-
Renames multiple (1459) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-