General
-
Target
2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk
-
Size
4.2MB
-
Sample
240616-mgzjzazdmb
-
MD5
c1c8d51a21db95800b0d0ca3080e3b54
-
SHA1
22e3df39c92ed0d9603fc90108e81cfa05c55afb
-
SHA256
b6f5f9f64cefc40397e3b56157fea90b31bb7ce042abc843f61d4c653684cc33
-
SHA512
289e801a6fcba6d2c19deb4afaa13f328d2a38039a52afea33f0d62feab66f517e0b48a90c6bbd11be53005a08ffab38fcfa424b5fb0844f7dc4e3c7c10733ed
-
SSDEEP
49152:V7z2B+S8lpOlBWD9rqGpi0iIGTHI6DOnIIeNxu6xl1aZt6m5xbzDI6bpsRJrAGGG:JO2D80iFIIm3Gob5iEu3qWVQ+
Malware Config
Targets
-
-
Target
2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk
-
Size
4.2MB
-
MD5
c1c8d51a21db95800b0d0ca3080e3b54
-
SHA1
22e3df39c92ed0d9603fc90108e81cfa05c55afb
-
SHA256
b6f5f9f64cefc40397e3b56157fea90b31bb7ce042abc843f61d4c653684cc33
-
SHA512
289e801a6fcba6d2c19deb4afaa13f328d2a38039a52afea33f0d62feab66f517e0b48a90c6bbd11be53005a08ffab38fcfa424b5fb0844f7dc4e3c7c10733ed
-
SSDEEP
49152:V7z2B+S8lpOlBWD9rqGpi0iIGTHI6DOnIIeNxu6xl1aZt6m5xbzDI6bpsRJrAGGG:JO2D80iFIIm3Gob5iEu3qWVQ+
Score10/10-
Azov
A wiper seeking only damage, first seen in 2022.
-
Renames multiple (8399) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-