General
-
Target
202409239fb28246a02994cd745c6881065f0fb6blackcatmauinokoyawavenuslockerwannacry
-
Size
13.9MB
-
Sample
240923-12ay1a1bmk
-
MD5
9fb28246a02994cd745c6881065f0fb6
-
SHA1
b2cc8f434e6fb012dbdae89d7c8b1d8ea95a7ad3
-
SHA256
d8e9e06b7adea939bcc135876f4e8a1d3719120e8ad9d4d72812ffd1dbee62fc
-
SHA512
134416ccd29ce4fcd4db8116112884581020ac289f9813ad5c399c5d2aa963b1a8f23c8cb1ec4028c596e8112a2e51dbc222cca5156ae0da824b20f223427f3e
-
SSDEEP
98304:aRqeZPPm0Rgmt7M17Lu1zdfj7zyg5oo5AZx8U8qPoBhLTlL4DQWVYHL9fu4h84Mu:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqhG
Behavioral task
behavioral1
Sample
202409239fb28246a02994cd745c6881065f0fb6blackcatmauinokoyawavenuslockerwannacry.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
202409239fb28246a02994cd745c6881065f0fb6blackcatmauinokoyawavenuslockerwannacry.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
202409239fb28246a02994cd745c6881065f0fb6blackcatmauinokoyawavenuslockerwannacry
Score
10/10
-
Renames multiple (1875) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)