General

  • Target

    2024-06-11_1c7f9f6ab3eb20e3707f6966e2bd532a_ryuk

  • Size

    664KB

  • Sample

    240611-mtzeqstglc

  • MD5

    1c7f9f6ab3eb20e3707f6966e2bd532a

  • SHA1

    232c924137cd0c7110c25b052c8b459d1e714ca2

  • SHA256

    d78f85ffd6c6b64c5fb2b25a98d5956c0cff3d09f6940cc6547e6decd6b99dcd

  • SHA512

    d4c87845e9e1fdb395531501533786229dc8bb8da84c4e1a8830d56f02d9dde8cc6d836a22981f6edb8829ef542a37306b6d0b7a73e2af010d1c07ce702902b4

  • SSDEEP

    12288:ds9bgSyWSoCU5qJSr1eD0Uv04tTkqFAgg+AvHUzTshNTZn+Pyf7/ul:mgsSoCU5qJSr1eD0cNkqFAgg+ieTyTVI

Malware Config

Targets

    • Target

      2024-06-11_1c7f9f6ab3eb20e3707f6966e2bd532a_ryuk

    • Azov

      A wiper seeking only damage, first seen in 2022.

    • Renames multiple (1946) files with an added filename extension

      This suggests ransomware activity: encrypting files across the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Credential Access

    Unsecured Credentials (T1552): 1
    Credentials In Files (T1552.001): 1

  • Discovery

    Query Registry (T1012): 1
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 1

Tasks