Extracted

• • Target

    2024-08-17_d3afdec7b70b73b78f6c1a108f090a0a_hijackloader_ryuk

  • Size

    4.2MB

  • MD5

    d3afdec7b70b73b78f6c1a108f090a0a

  • SHA1

    621900758d60b6f1551b83f023750e1e1786eadd

  • SHA256

    cfee0b3823bfd6768d9fdb04e8546a60eb234191e7b9779e5872f5ae0ff6e4fd

  • SHA512

    861cf3bc750d0a32601a3f8b2c161b916be188be716c5216fcd1117de0911827ef934697011d082be623ee12838e04e1096f559678a3fd183e0b30b8c24907f6

  • SSDEEP

    49152:iNazhK7ATnjal/IcmsCao5h+GjsY3ttrucJzRIq4RBTkV2XNuBDGuMrkOwbFE1dp:izc5sY3nucJzR8Nfwaa8Fx7

  Score

  10^/10

  azovpersistenceransomwarespywarestealerwiper

  • Azov

    A wiper seeking only damage, first seen in 2022.

    ransomwarewiperazov

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2