azov | 8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99 | Triage

Sharing

General

Target

8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
Size

319KB
Sample

240628-hls6jawenb
MD5

e875f3e021beab1203a92da7fbe51490
SHA1

36dfa6259dcaf170959c56ea54b85233bfbff4c7
SHA256

8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99
SHA512

2f2f21279c80385e7a246941e43091fe8988bf886395c0ad260ae435a992dea77f1c036b174da7d54c6ecd3fab2af22a6bea6985c79520574694e86191241a2e
SSDEEP

6144:vwU64s9KvnLbLtvSVLx9y9TBA3QvEOpP7WYhw1bRh2Z:vc4s9KvfZ679y9TagvEEP6SwR+

Score

10^/10

azov discovery persistence ransomware spyware stealer wiper

Malware Config

Targets

- Target
  
  8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
- Size
  
  319KB
- MD5
  
  e875f3e021beab1203a92da7fbe51490
- SHA1
  
  36dfa6259dcaf170959c56ea54b85233bfbff4c7
- SHA256
  
  8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99
- SHA512
  
  2f2f21279c80385e7a246941e43091fe8988bf886395c0ad260ae435a992dea77f1c036b174da7d54c6ecd3fab2af22a6bea6985c79520574694e86191241a2e
- SSDEEP
  
  6144:vwU64s9KvnLbLtvSVLx9y9TBA3QvEOpP7WYhw1bRh2Z:vc4s9KvfZ679y9TagvEEP6SwR+
Score

10^/10

azov persistence ransomware spyware stealer wiper discovery
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Renames multiple (7418) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azovpersistenceransomwarespywarestealerwiper

behavioral2

azovdiscoverypersistenceransomwarewiper