azov | 34599f295530b6fee948082793d4c9bde317bb0d602c9f9a28862316e33f8485 | Triage

Sharing

General

Target

2024-06-18_1472604c55fc5cf75cdb65601b2df067_ryuk
Size

4.2MB
Sample

240618-s8ea1azelf
MD5

1472604c55fc5cf75cdb65601b2df067
SHA1

60bffd4cc879fa835b3c50c096dda06597ea93b0
SHA256

34599f295530b6fee948082793d4c9bde317bb0d602c9f9a28862316e33f8485
SHA512

5ec891accbe66bdd2d2d54276825260da2b79d4049ad15fe1e2d2f46e600868aec827943960340d8506a82ea265608191de2dff8b9f26dfad1896fa05fa43d12
SSDEEP

49152:0V7lXnLl+OlBWD9rqGzi0iIGTHI6DOnIIeNxu6xl1aZt6m5xbzDI6bpsRJrAGGUN:O2D8uiFIIm3Gob5iEuDlFn

Score

10^/10

azov persistence ransomware spyware stealer wiper

Malware Config

Targets

- Target
  
  2024-06-18_1472604c55fc5cf75cdb65601b2df067_ryuk
- Size
  
  4.2MB
- MD5
  
  1472604c55fc5cf75cdb65601b2df067
- SHA1
  
  60bffd4cc879fa835b3c50c096dda06597ea93b0
- SHA256
  
  34599f295530b6fee948082793d4c9bde317bb0d602c9f9a28862316e33f8485
- SHA512
  
  5ec891accbe66bdd2d2d54276825260da2b79d4049ad15fe1e2d2f46e600868aec827943960340d8506a82ea265608191de2dff8b9f26dfad1896fa05fa43d12
- SSDEEP
  
  49152:0V7lXnLl+OlBWD9rqGzi0iIGTHI6DOnIIeNxu6xl1aZt6m5xbzDI6bpsRJrAGGUN:O2D8uiFIIm3Gob5iEuDlFn
Score

10^/10

azov persistence ransomware spyware stealer wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Renames multiple (8816) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azovpersistenceransomwarespywarestealerwiper