General

  • Target

    50a879053b11d436af23e4f38b9dacf2a610132c4ef88eff72f961e0650b9b1f

  • Size

    5.7MB

  • Sample

    240710-g1tj6stbre

  • MD5

    4661ad2e73e4ca7ffef5931c6c97df6f

  • SHA1

    1e0e0d1e1f518774e90c1224ee0faf901c5e8db0

  • SHA256

    50a879053b11d436af23e4f38b9dacf2a610132c4ef88eff72f961e0650b9b1f

  • SHA512

    fcecf3a9794b63e096a8a3bbc5715e0b2649224109d8b0fb986d50ae96839021bd718265fe82e028fc16872fd649d953d65a24726ff7f5761db40948664ce54a

  • SSDEEP

    98304:nNWZ9fHqaRv+XIjY6Suu1pHyf7n3gMxJAChtDy7n1UNEkborMO78PmxXU/yCMs8c:nNTcoI7StpHyzQMvAChtDyb1UNEkqxtg

Malware Config

Targets

    • Target

      df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3

    • Size

      13.4MB

    • MD5

      1ce3b67e179c8420bd5b31e75b4427ca

    • SHA1

      4090622f0eadc1b420aa5d55e31ca5cd45e05f12

    • SHA256

      df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3

    • SHA512

      c708cc271fad1ecd29fccb010a34f54ba7b885d8827351a5d8be49f4781185248e789c3e35fa1c7862fdc0bf303e1d97f2585023e0b9fd14db3181f55d276f5f

    • SSDEEP

      98304:aRqeZPPm0Rgmt7M17Lu1zdfj7zyg5oo5AZx8U8qPoBhLTlL4DQWVYHL9fu4h84MR:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqn

    • Azov

      A wiper seeking only damage, first seen in 2022.

    • Renames multiple (177) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks