General
-
Target
5e7547deb041ae366af5f9a6cac63707d095eab0538404021acb2ccc792db748N
-
Size
100KB
-
Sample
240930-wxthbssgpf
-
MD5
996263b678f145553083006856406100
-
SHA1
a90bc74bca3e92aeb2157fd3107082dbf3cdef4b
-
SHA256
5e7547deb041ae366af5f9a6cac63707d095eab0538404021acb2ccc792db748
-
SHA512
e00c8f36639fc3e1d88fbaba50248116d2d01b1dff4140c93bba9ad489ed47a405b276973d9a3b0c6daa04259201144d0afc36c5c871b473a5cf25fb629cc0e8
-
SSDEEP
1536:RtQw2dAwvXuhi3ugKXjxswp9yTx4rgu6+Lxz3sie/ubJkKs1hHLzIgKj7x3:Yw2mvU39sr9yTx4rgu6+Lxz8ik3HIZ7Z
Malware Config
Targets
-
-
Target
5e7547deb041ae366af5f9a6cac63707d095eab0538404021acb2ccc792db748N
-
Size
100KB
-
MD5
996263b678f145553083006856406100
-
SHA1
a90bc74bca3e92aeb2157fd3107082dbf3cdef4b
-
SHA256
5e7547deb041ae366af5f9a6cac63707d095eab0538404021acb2ccc792db748
-
SHA512
e00c8f36639fc3e1d88fbaba50248116d2d01b1dff4140c93bba9ad489ed47a405b276973d9a3b0c6daa04259201144d0afc36c5c871b473a5cf25fb629cc0e8
-
SSDEEP
1536:RtQw2dAwvXuhi3ugKXjxswp9yTx4rgu6+Lxz3sie/ubJkKs1hHLzIgKj7x3:Yw2mvU39sr9yTx4rgu6+Lxz8ik3HIZ7Z
Score10/10-
Azov
A wiper seeking only damage, first seen in 2022.
-
Renames multiple (380) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1