General

  • Target

    2024-09-23_9fb28246a02994cd745c6881065f0fb6_blackcat_maui_nokoyawa_venus-locker_wannacry

  • Size

    13.9MB

  • Sample

    240923-ths7xa1hpq

  • MD5

    9fb28246a02994cd745c6881065f0fb6

  • SHA1

    b2cc8f434e6fb012dbdae89d7c8b1d8ea95a7ad3

  • SHA256

    d8e9e06b7adea939bcc135876f4e8a1d3719120e8ad9d4d72812ffd1dbee62fc

  • SHA512

    134416ccd29ce4fcd4db8116112884581020ac289f9813ad5c399c5d2aa963b1a8f23c8cb1ec4028c596e8112a2e51dbc222cca5156ae0da824b20f223427f3e

  • SSDEEP

    98304:aRqeZPPm0Rgmt7M17Lu1zdfj7zyg5oo5AZx8U8qPoBhLTlL4DQWVYHL9fu4h84Mu:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqhG

Malware Config

Targets

    • Azov

      A wiper seeking only damage, first seen in 2022.

    • Renames multiple (2080) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks