Overview

overview

10

Static

static

3

2024-08-12...uk.exe

windows7-x64

10

2024-08-12...uk.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-08-12_9c37857ff85b3e358ba221c0ba1a6bec_ryuk

  • Size

    1.4MB

  • Sample

    240812-jf7x6swarh

  • MD5

    9c37857ff85b3e358ba221c0ba1a6bec

  • SHA1

    821504b4c92f6387a78f4a6125a8c5bc3e9ede4d

  • SHA256

    ab7b185b86821c2c881998f9967e5ca4a8894db6312eafe2cb872335941826dc

  • SHA512

    13c2cc058352a382704e5702764d24389cf3b1603ec002ab10d485440f6ad2e1bfbe651e5551d3ed726ca2073f79b395abfd93c843935832909149a70c07a430

  • SSDEEP

    24576:83UfD2wPCKqqc4UhUEdcfGCNhKsKEfVeAgw5Z0UMYTbKv:kUfD23KqCUhU0eGCbKBEflgwf0UMSbKv

Score
10/10
azovpersistenceransomwarewiper

Malware Config

Targets

    • Target

      2024-08-12_9c37857ff85b3e358ba221c0ba1a6bec_ryuk

    • Size

      1.4MB

    • MD5

      9c37857ff85b3e358ba221c0ba1a6bec

    • SHA1

      821504b4c92f6387a78f4a6125a8c5bc3e9ede4d

    • SHA256

      ab7b185b86821c2c881998f9967e5ca4a8894db6312eafe2cb872335941826dc

    • SHA512

      13c2cc058352a382704e5702764d24389cf3b1603ec002ab10d485440f6ad2e1bfbe651e5551d3ed726ca2073f79b395abfd93c843935832909149a70c07a430

    • SSDEEP

      24576:83UfD2wPCKqqc4UhUEdcfGCNhKsKEfVeAgw5Z0UMYTbKv:kUfD23KqCUhU0eGCbKBEflgwf0UMSbKv

    Score
    10/10
    azovpersistenceransomwarewiper

    • Azov

      A wiper seeking only damage, first seen in 2022.

      ransomwarewiperazov

    • Renames multiple (121) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks