azov | 8b6dfd3ffb94305fd1931e7a6d2250bff2d87f0a5888ffb77d1c57dae621b041 | Triage

Resubmissions

11-06-2024 12:48

240611-p15w7sxdkb 10

11-06-2024 12:33

240611-prnxbsxejq 10

Sharing

General

Target

34e0037bcc8771562310c79656b3d650_NeikiAnalytics.exe
Size

110KB
Sample

240611-p15w7sxdkb
MD5

34e0037bcc8771562310c79656b3d650
SHA1

ffb3e4b3706dbb1410305420fa3a6dbb3621614e
SHA256

8b6dfd3ffb94305fd1931e7a6d2250bff2d87f0a5888ffb77d1c57dae621b041
SHA512

5383a32bb0ff15efd62f75814369a179ce37dada90dc115769ac1823035a1e988c72dcfefe3503b23f72be1fe5f5ef4fe49c78fb2828bc426972b1077dc5a5db
SSDEEP

3072:G8RtOU39lFdhTx4rPdy6aGzw2fZwNPFS2308TI:RRtOs9zSM6lRGPg2I

Score

10^/10

azov persistence ransomware spyware stealer wiper

Malware Config

Targets

- Target
  
  34e0037bcc8771562310c79656b3d650_NeikiAnalytics.exe
- Size
  
  110KB
- MD5
  
  34e0037bcc8771562310c79656b3d650
- SHA1
  
  ffb3e4b3706dbb1410305420fa3a6dbb3621614e
- SHA256
  
  8b6dfd3ffb94305fd1931e7a6d2250bff2d87f0a5888ffb77d1c57dae621b041
- SHA512
  
  5383a32bb0ff15efd62f75814369a179ce37dada90dc115769ac1823035a1e988c72dcfefe3503b23f72be1fe5f5ef4fe49c78fb2828bc426972b1077dc5a5db
- SSDEEP
  
  3072:G8RtOU39lFdhTx4rPdy6aGzw2fZwNPFS2308TI:RRtOs9zSM6lRGPg2I
Score

10^/10

azov persistence ransomware spyware stealer wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Renames multiple (909) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azovpersistenceransomwarespywarestealerwiper