azov | f14c7eacdb39f1decdcf1e68f57c87340968fede1dc0391b2b082f58bd3a3f93 | Triage

Sharing

General

Target

2024-09-23_779bc558fee95b2d04f57e40d138bf23_blackcat_maui_nokoyawa_venus-locker_wannacry
Size

14.7MB
Sample

240923-bhhgassamb
MD5

779bc558fee95b2d04f57e40d138bf23
SHA1

b77875ba47716cc7f05ec86c02467b486c222563
SHA256

f14c7eacdb39f1decdcf1e68f57c87340968fede1dc0391b2b082f58bd3a3f93
SHA512

9e8793b5d7c3f89c20ce7ddf259c6278cfed31d11e6425b397788ae194ec2cd11c2a001b9dbe5de962aaca7b25c7409b2c7df737be0ff0b1c96e666af6e84b98
SSDEEP

196608:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqhOM8qTsSqE:7XJ9e1wo548qSV5VhKOeTsRE

Score

10^/10

azov blackcat chaos mafiaware666 maui njrat venus persistence ransomware spyware stealer wiper

Malware Config

Targets

- Target
  
  2024-09-23_779bc558fee95b2d04f57e40d138bf23_blackcat_maui_nokoyawa_venus-locker_wannacry
- Size
  
  14.7MB
- MD5
  
  779bc558fee95b2d04f57e40d138bf23
- SHA1
  
  b77875ba47716cc7f05ec86c02467b486c222563
- SHA256
  
  f14c7eacdb39f1decdcf1e68f57c87340968fede1dc0391b2b082f58bd3a3f93
- SHA512
  
  9e8793b5d7c3f89c20ce7ddf259c6278cfed31d11e6425b397788ae194ec2cd11c2a001b9dbe5de962aaca7b25c7409b2c7df737be0ff0b1c96e666af6e84b98
- SSDEEP
  
  196608:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqhOM8qTsSqE:7XJ9e1wo548qSV5VhKOeTsRE
Score

10^/10

azov persistence ransomware spyware stealer wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Renames multiple (1371) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

chaosmafiaware666mauivenusblackcatnjrat

behavioral1

azovpersistenceransomwarespywarestealerwiper

behavioral2

azovpersistenceransomwarespywarestealerwiper