General

  • Target

    17754786359.zip

  • Size

    5.7MB

  • Sample

    240623-ga5vhs1flg

  • MD5

    c6757e0216d77d7b4425ec238b1c7ff4

  • SHA1

    d304f97d9b77953a2a03ec6337f081ab9cb2522b

  • SHA256

    3fa4a10d6132b2c7234726ce029c65ebdd605335bd29befd37118f23cec1afb3

  • SHA512

    d4df9170c48459534fe73d3ab951e003888d5fa8eac1c3bc6834c32adca28d41ae697935e96ed0f8ad7bacd87e62ecc9bbac0c1179056f3022be10b1f54247bb

  • SSDEEP

    98304:AiVR2NGWlwraUvwtRaEQuskGb7V/b6UNMmUY3PEMUjFaepv8X8rRFlMs1:AiVR2zqrbvQBiXZU+ENVUX8lrMG

Malware Config

Targets

    • Target

      df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3

    • Size

      13.4MB

    • MD5

      1ce3b67e179c8420bd5b31e75b4427ca

    • SHA1

      4090622f0eadc1b420aa5d55e31ca5cd45e05f12

    • SHA256

      df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3

    • SHA512

      c708cc271fad1ecd29fccb010a34f54ba7b885d8827351a5d8be49f4781185248e789c3e35fa1c7862fdc0bf303e1d97f2585023e0b9fd14db3181f55d276f5f

    • SSDEEP

      98304:aRqeZPPm0Rgmt7M17Lu1zdfj7zyg5oo5AZx8U8qPoBhLTlL4DQWVYHL9fu4h84MR:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqn

    • Azov

      A wiper seeking only damage, first seen in 2022.

    • Renames multiple (1972) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks