azov | 0da309cc4f0d21c76c26d7b4f1c65bb1659908f191edb01d76ff22c8dabef0b1 | Triage

Sharing

General

Target

2024-09-22_5dcc0d306aeb694d6c7631fc50a6a6d0_blackcat_maui_nokoyawa_venus-locker_wannacry
Size

14.2MB
Sample

240922-3pmhdazdmg
MD5

5dcc0d306aeb694d6c7631fc50a6a6d0
SHA1

6ae810e89b0dd7e961f81e6163f600006d219fb5
SHA256

0da309cc4f0d21c76c26d7b4f1c65bb1659908f191edb01d76ff22c8dabef0b1
SHA512

5334063dc47b501c66c2a5adf6fcfd41046e86116a15b1938928121142868d02968851b5031442448472b51bef122b785a5a406b21656bbbada0bdf9121b85ac
SSDEEP

196608:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqhOM8U:7XJ9e1wo548qSV5VhKOY

Score

10^/10

azov blackcat chaos mafiaware666 maui njrat venus persistence ransomware spyware stealer wiper

Malware Config

Targets

- Target
  
  2024-09-22_5dcc0d306aeb694d6c7631fc50a6a6d0_blackcat_maui_nokoyawa_venus-locker_wannacry
- Size
  
  14.2MB
- MD5
  
  5dcc0d306aeb694d6c7631fc50a6a6d0
- SHA1
  
  6ae810e89b0dd7e961f81e6163f600006d219fb5
- SHA256
  
  0da309cc4f0d21c76c26d7b4f1c65bb1659908f191edb01d76ff22c8dabef0b1
- SHA512
  
  5334063dc47b501c66c2a5adf6fcfd41046e86116a15b1938928121142868d02968851b5031442448472b51bef122b785a5a406b21656bbbada0bdf9121b85ac
- SSDEEP
  
  196608:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqhOM8U:7XJ9e1wo548qSV5VhKOY
Score

10^/10

azov persistence ransomware spyware stealer wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Renames multiple (842) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

chaosmafiaware666mauivenusblackcatnjrat

behavioral1

azovpersistenceransomwarespywarestealerwiper

behavioral2

azovpersistenceransomwarespywarestealerwiper