Resubmissions

05-08-2024 04:54

240805-fjvkga1eqb 10

25-06-2024 22:21

240625-19myjazarq 10

General

  • Target

    2024-06-25_1ce3b67e179c8420bd5b31e75b4427ca_blackcat_maui_nokoyawa_wannacry

  • Size

    13.4MB

  • Sample

    240625-19myjazarq

  • MD5

    1ce3b67e179c8420bd5b31e75b4427ca

  • SHA1

    4090622f0eadc1b420aa5d55e31ca5cd45e05f12

  • SHA256

    df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3

  • SHA512

    c708cc271fad1ecd29fccb010a34f54ba7b885d8827351a5d8be49f4781185248e789c3e35fa1c7862fdc0bf303e1d97f2585023e0b9fd14db3181f55d276f5f

  • SSDEEP

    98304:aRqeZPPm0Rgmt7M17Lu1zdfj7zyg5oo5AZx8U8qPoBhLTlL4DQWVYHL9fu4h84MR:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqn

Targets

    • Azov

      A wiper seeking only damage, first seen in 2022.

    • Renames multiple (1307) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
