General

  • Target

    50a879053b11d436af23e4f38b9dacf2a610132c4ef88eff72f961e0650b9b1f

  • Size

    5.7MB

  • Sample

    240710-g1tj6stbre

  • MD5

    4661ad2e73e4ca7ffef5931c6c97df6f

  • SHA1

    1e0e0d1e1f518774e90c1224ee0faf901c5e8db0

  • SHA256

    50a879053b11d436af23e4f38b9dacf2a610132c4ef88eff72f961e0650b9b1f

  • SHA512

    fcecf3a9794b63e096a8a3bbc5715e0b2649224109d8b0fb986d50ae96839021bd718265fe82e028fc16872fd649d953d65a24726ff7f5761db40948664ce54a

  • SSDEEP

    98304:nNWZ9fHqaRv+XIjY6Suu1pHyf7n3gMxJAChtDy7n1UNEkborMO78PmxXU/yCMs8c:nNTcoI7StpHyzQMvAChtDyb1UNEkqxtg

Malware Config

Targets

    • Target

      df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3

    • Size

      13.4MB

    • MD5

      1ce3b67e179c8420bd5b31e75b4427ca

    • SHA1

      4090622f0eadc1b420aa5d55e31ca5cd45e05f12

    • SHA256

      df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3

    • SHA512

      c708cc271fad1ecd29fccb010a34f54ba7b885d8827351a5d8be49f4781185248e789c3e35fa1c7862fdc0bf303e1d97f2585023e0b9fd14db3181f55d276f5f

    • SSDEEP

      98304:aRqeZPPm0Rgmt7M17Lu1zdfj7zyg5oo5AZx8U8qPoBhLTlL4DQWVYHL9fu4h84MR:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqn

    • Azov

      A wiper seeking only damage, first seen in 2022.

    • Renames multiple (177) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and marking them with a new extension.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

Each entry lists the technique, its ATT&CK ID, and the number of matching signatures.

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Credential Access

  • Unsecured Credentials (T1552): 1

  • Credentials In Files (T1552.001): 1

Discovery

  • Query Registry (T1012): 1

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 1

Collection

  • Data from Local System (T1005): 1

Tasks