azov | 50a879053b11d436af23e4f38b9dacf2a610132c4ef88eff72f961e0650b9b1f | Triage

Sharing

General

Target

3fa4a10d6132b2c7234726ce029c65ebdd605335bd29befd37118f23cec1afb3.zip
Size

5.7MB
Sample

240710-grysja1apj
MD5

4661ad2e73e4ca7ffef5931c6c97df6f
SHA1

1e0e0d1e1f518774e90c1224ee0faf901c5e8db0
SHA256

50a879053b11d436af23e4f38b9dacf2a610132c4ef88eff72f961e0650b9b1f
SHA512

fcecf3a9794b63e096a8a3bbc5715e0b2649224109d8b0fb986d50ae96839021bd718265fe82e028fc16872fd649d953d65a24726ff7f5761db40948664ce54a
SSDEEP

98304:nNWZ9fHqaRv+XIjY6Suu1pHyf7n3gMxJAChtDy7n1UNEkborMO78PmxXU/yCMs8c:nNTcoI7StpHyzQMvAChtDyb1UNEkqxtg

Score

10^/10

azov blackcat chaos mafiaware666 maui njrat persistence ransomware spyware stealer wiper

Malware Config

Targets

- Target
  
  df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3
- Size
  
  13.4MB
- MD5
  
  1ce3b67e179c8420bd5b31e75b4427ca
- SHA1
  
  4090622f0eadc1b420aa5d55e31ca5cd45e05f12
- SHA256
  
  df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3
- SHA512
  
  c708cc271fad1ecd29fccb010a34f54ba7b885d8827351a5d8be49f4781185248e789c3e35fa1c7862fdc0bf303e1d97f2585023e0b9fd14db3181f55d276f5f
- SSDEEP
  
  98304:aRqeZPPm0Rgmt7M17Lu1zdfj7zyg5oo5AZx8U8qPoBhLTlL4DQWVYHL9fu4h84MR:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqn
Score

10^/10

azov persistence ransomware spyware stealer wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Renames multiple (575) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

chaosmafiaware666mauiblackcatnjrat

behavioral1

azovpersistenceransomwarespywarestealerwiper

behavioral2

azovpersistenceransomwarespywarestealerwiper