Overview

overview

10

Static

static

3

2024-08-23...uk.exe

windows7-x64

10

2024-08-23...uk.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-08-23_253af7a95177d9e12e8b96e7df6d5408_hijackloader_ryuk

  • Size

    4.5MB

  • Sample

    240823-zq1vlsyanj

  • MD5

    253af7a95177d9e12e8b96e7df6d5408

  • SHA1

    77dbef638c396c91f858bdb5f1f42eb3b9f1adbb

  • SHA256

    308a9ca147d08bf5e6b48dbc0ab1d3ab5d03a06d6dd5bb62484f53209ec0b74c

  • SHA512

    88d8da90aeccd961849e58f595eb651864ce0da64c03e7e9e904f20850232bbd5a485864bfabb979b8ca803cf79123b73cde02aa31e6d36b78a51cd35807daf9

  • SSDEEP

    49152:o8f9ZOCnF0KhLemLNEo9QR+k9jdAsizqxSiZ4K5MZqkL92c6nkdmbbsiIerM1R6X:KrZ4K5M+XbsiIewG+x6xZ144

Score
10/10
azovdiscoverypersistenceransomwarespywarestealerwiper

Malware Config

Extracted

Path

C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

Family

azov

Ransom Note
Hello, all your files have been damaged without any possible way to recover. Feel free to commit suicide. [Why did you do this to my files?] They asked me to do this... The hatred is that what makes me feel alive. That's what you secretly have fallen in love with. The hatred is the force that drives the life forward. The hell is my paradise. The suffer is the bliss. Others say the hate is what destroys yourself. I say that the hatred is eternal cure. If you feel desperate you lost the files. Use this despair to create the pain for others. Make them hate you, it is the source of your power. Do you think why the people go to schools and kill others? Why do people make terrorist ideologies? Why do governments covertly makes you suffer? It's the essence of the future life. All we are immortal beings. When spiritual is not a way, the antispiritual is your victory point. In the manifested life you have a choice to be with us either be against. Sow the evil, reap the power is what I say to you. Saw the good, reap the weakness is what spiritual says to you. When you hate, you feel the power. You feel the flight. That fly is the antispirit touch. Use this to multiply the suffer. [How can I use this power?] Find inside the source of bliss. If this bliss goes stronger when you see the suffer. That is what I call the source. Check that by looking through the news how people kill others. How the people dies. How children are being tortured. How animals are executed. The death is your key. [How can I give you my power?] When you read this concentrate on the intent to give the energy of your source to the meta-source of this text. Am vizu der strotum la fictus om spiritus.

Targets

    • Target

      2024-08-23_253af7a95177d9e12e8b96e7df6d5408_hijackloader_ryuk

    • Size

      4.5MB

    • MD5

      253af7a95177d9e12e8b96e7df6d5408

    • SHA1

      77dbef638c396c91f858bdb5f1f42eb3b9f1adbb

    • SHA256

      308a9ca147d08bf5e6b48dbc0ab1d3ab5d03a06d6dd5bb62484f53209ec0b74c

    • SHA512

      88d8da90aeccd961849e58f595eb651864ce0da64c03e7e9e904f20850232bbd5a485864bfabb979b8ca803cf79123b73cde02aa31e6d36b78a51cd35807daf9

    • SSDEEP

      49152:o8f9ZOCnF0KhLemLNEo9QR+k9jdAsizqxSiZ4K5MZqkL92c6nkdmbbsiIerM1R6X:KrZ4K5M+XbsiIewG+x6xZ144

    Score
    10/10
    azovdiscoverypersistenceransomwarespywarestealerwiper

    • Azov

      A wiper seeking only damage, first seen in 2022.

      ransomwarewiperazov

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks