General
-
Target
2024-06-11_b2aadc9acbcbee48a4fafdd5f129aecc_ryuk
-
Size
664KB
-
Sample
240611-h97c3azbnr
-
MD5
b2aadc9acbcbee48a4fafdd5f129aecc
-
SHA1
21b80f6fd721c7f21bbf31a7540d7937309b4b80
-
SHA256
019819ed42ee5e300f592a30636289ed8615f3256fa70a30b19323f02f382a6d
-
SHA512
21e5fa26b3b955cb1ac2dee0bb8e1a8cb4fdc8429f0130785e631f0b719073a4694572147eab764491321a6a18eec50030d6b73f00e64d9791bd45ca29bfe274
-
SSDEEP
12288:ns9fjVDSoCU5qJSr1eg0U+h5csWGphrgwALHUzTshvB6ioMjdgJ:ghSoCU5qJSr1eg0vJWGphrgwSeTsUioJ
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-11_b2aadc9acbcbee48a4fafdd5f129aecc_ryuk.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-06-11_b2aadc9acbcbee48a4fafdd5f129aecc_ryuk.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
2024-06-11_b2aadc9acbcbee48a4fafdd5f129aecc_ryuk
-
Score
10/10
-
Renames multiple (1800) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-