azov | df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3 | Triage

Submit
Reports

Overview

overview

Static

static

2024-06-25...ry.exe

windows7-x64

2024-06-25...ry.exe

windows10-2004-x64

Resubmissions

05-08-2024 04:54

240805-fjvkga1eqb 10

25-06-2024 22:21

240625-19myjazarq 10

Sharing

General

Target

2024-06-25_1ce3b67e179c8420bd5b31e75b4427ca_blackcat_maui_nokoyawa_wannacry
Size

13.4MB
Sample

240625-19myjazarq
MD5

1ce3b67e179c8420bd5b31e75b4427ca
SHA1

4090622f0eadc1b420aa5d55e31ca5cd45e05f12
SHA256

df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3
SHA512

c708cc271fad1ecd29fccb010a34f54ba7b885d8827351a5d8be49f4781185248e789c3e35fa1c7862fdc0bf303e1d97f2585023e0b9fd14db3181f55d276f5f
SSDEEP

98304:aRqeZPPm0Rgmt7M17Lu1zdfj7zyg5oo5AZx8U8qPoBhLTlL4DQWVYHL9fu4h84MR:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqn

Score

10^/10

azov blackcat chaos mafiaware666 maui njrat persistence ransomware spyware stealer wiper

Static task

static1

chaos mafiaware666 maui blackcat njrat

13 signatures

Behavioral task

behavioral1

Sample

2024-06-25_1ce3b67e179c8420bd5b31e75b4427ca_blackcat_maui_nokoyawa_wannacry.exe

Resource

win7-20240508-en

azov persistence ransomware spyware stealer wiper

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-06-25_1ce3b67e179c8420bd5b31e75b4427ca_blackcat_maui_nokoyawa_wannacry.exe

Resource

win10v2004-20240508-en

azov persistence ransomware spyware stealer wiper

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-06-25_1ce3b67e179c8420bd5b31e75b4427ca_blackcat_maui_nokoyawa_wannacry
- Size
  
  13.4MB
- MD5
  
  1ce3b67e179c8420bd5b31e75b4427ca
- SHA1
  
  4090622f0eadc1b420aa5d55e31ca5cd45e05f12
- SHA256
  
  df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3
- SHA512
  
  c708cc271fad1ecd29fccb010a34f54ba7b885d8827351a5d8be49f4781185248e789c3e35fa1c7862fdc0bf303e1d97f2585023e0b9fd14db3181f55d276f5f
- SSDEEP
  
  98304:aRqeZPPm0Rgmt7M17Lu1zdfj7zyg5oo5AZx8U8qPoBhLTlL4DQWVYHL9fu4h84MR:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqn
Score

10^/10

azov persistence ransomware spyware stealer wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Renames multiple (1307) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

chaosmafiaware666mauiblackcatnjrat

behavioral1

azovpersistenceransomwarespywarestealerwiper

behavioral2

azovpersistenceransomwarespywarestealerwiper

© 2018-2024

Terms | Privacy