azov | 93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7 | Triage

Sharing

General

Target

93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
Size

210KB
Sample

240622-nclmzswanc
MD5

5a6be7fd4177c3981476ed55d34b1100
SHA1

807bb107b65daf9c1e69bded17fb9a76ee3ad3da
SHA256

93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7
SHA512

faa45cb053aab3c7a385f2591e3adf44c78fa1c60398fe46024ff18c5ef9237664c24ec07f9bfaa83baeef153208bff23212f74ed95eac11ffbd52d3bb908e08
SSDEEP

6144:rms9+PTsfErmFzKq2aOpBZw9d9kLTJzrm:rms929Dwm8

Score

10^/10

azov persistence ransomware spyware stealer wiper

Malware Config

Targets

- Target
  
  93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
- Size
  
  210KB
- MD5
  
  5a6be7fd4177c3981476ed55d34b1100
- SHA1
  
  807bb107b65daf9c1e69bded17fb9a76ee3ad3da
- SHA256
  
  93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7
- SHA512
  
  faa45cb053aab3c7a385f2591e3adf44c78fa1c60398fe46024ff18c5ef9237664c24ec07f9bfaa83baeef153208bff23212f74ed95eac11ffbd52d3bb908e08
- SSDEEP
  
  6144:rms9+PTsfErmFzKq2aOpBZw9d9kLTJzrm:rms929Dwm8
Score

10^/10

azov persistence ransomware spyware stealer wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Renames multiple (8237) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azovpersistenceransomwarespywarestealerwiper

behavioral2

azovpersistenceransomwarespywarestealerwiper