azov | e213c6a73787190d2099133276615242f9ddebabd313626b017cf988bf8df05c | Triage

Sharing

General

Target

2024-06-18_d9405513b67a7bd4cf23bebb1505315a_ryuk
Size

4.2MB
Sample

240618-t625qa1gnf
MD5

d9405513b67a7bd4cf23bebb1505315a
SHA1

8b3680dec86cbb5b794ab59beb94e6749c0af28f
SHA256

e213c6a73787190d2099133276615242f9ddebabd313626b017cf988bf8df05c
SHA512

ecfe9017025e19e9a18a449a70b6f606a11ab5ab00dae17a8f68c56181f5f8c1fce21e98519e6b31dec50a0d17bdfb2bf212693f809e29e2e03ab456bcedff91
SSDEEP

49152:GCb9ANPwe04oOlBWD9rqGki0iIGTHI6DOnIIeNxu6xl1aZt6m5xbzDI6bpsRJrAq:m2D8diFIIm3Gob5iEui1E

Score

10^/10

azov persistence ransomware spyware stealer wiper

Malware Config

Targets

- Target
  
  2024-06-18_d9405513b67a7bd4cf23bebb1505315a_ryuk
- Size
  
  4.2MB
- MD5
  
  d9405513b67a7bd4cf23bebb1505315a
- SHA1
  
  8b3680dec86cbb5b794ab59beb94e6749c0af28f
- SHA256
  
  e213c6a73787190d2099133276615242f9ddebabd313626b017cf988bf8df05c
- SHA512
  
  ecfe9017025e19e9a18a449a70b6f606a11ab5ab00dae17a8f68c56181f5f8c1fce21e98519e6b31dec50a0d17bdfb2bf212693f809e29e2e03ab456bcedff91
- SSDEEP
  
  49152:GCb9ANPwe04oOlBWD9rqGki0iIGTHI6DOnIIeNxu6xl1aZt6m5xbzDI6bpsRJrAq:m2D8diFIIm3Gob5iEui1E
Score

10^/10

azov persistence ransomware spyware stealer wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Renames multiple (8351) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azovpersistenceransomwarespywarestealerwiper