Overview

overview

10

Static

static

10

df9498892a...a3.exe

windows7-x64

10

df9498892a...a3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    17754786359.zip

  • Size

    5.7MB

  • Sample

    240623-ga5vhs1flg

  • MD5

    c6757e0216d77d7b4425ec238b1c7ff4

  • SHA1

    d304f97d9b77953a2a03ec6337f081ab9cb2522b

  • SHA256

    3fa4a10d6132b2c7234726ce029c65ebdd605335bd29befd37118f23cec1afb3

  • SHA512

    d4df9170c48459534fe73d3ab951e003888d5fa8eac1c3bc6834c32adca28d41ae697935e96ed0f8ad7bacd87e62ecc9bbac0c1179056f3022be10b1f54247bb

  • SSDEEP

    98304:AiVR2NGWlwraUvwtRaEQuskGb7V/b6UNMmUY3PEMUjFaepv8X8rRFlMs1:AiVR2zqrbvQBiXZU+ENVUX8lrMG

Score
10/10
azovblackcatchaosmafiaware666mauinjratpersistenceransomwarespywarestealerwiper

Malware Config

Targets

    • Target

      df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3

    • Size

      13.4MB

    • MD5

      1ce3b67e179c8420bd5b31e75b4427ca

    • SHA1

      4090622f0eadc1b420aa5d55e31ca5cd45e05f12

    • SHA256

      df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3

    • SHA512

      c708cc271fad1ecd29fccb010a34f54ba7b885d8827351a5d8be49f4781185248e789c3e35fa1c7862fdc0bf303e1d97f2585023e0b9fd14db3181f55d276f5f

    • SSDEEP

      98304:aRqeZPPm0Rgmt7M17Lu1zdfj7zyg5oo5AZx8U8qPoBhLTlL4DQWVYHL9fu4h84MR:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqn

    Score
    10/10
    azovpersistenceransomwarespywarestealerwiper

    • Azov

      A wiper seeking only damage, first seen in 2022.

      ransomwarewiperazov

    • Renames multiple (1972) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks