General
-
Target
(2023) BlackCat.exe
-
Size
13.4MB
-
Sample
241027-q3xjaawkar
-
MD5
1ce3b67e179c8420bd5b31e75b4427ca
-
SHA1
4090622f0eadc1b420aa5d55e31ca5cd45e05f12
-
SHA256
df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3
-
SHA512
c708cc271fad1ecd29fccb010a34f54ba7b885d8827351a5d8be49f4781185248e789c3e35fa1c7862fdc0bf303e1d97f2585023e0b9fd14db3181f55d276f5f
-
SSDEEP
98304:aRqeZPPm0Rgmt7M17Lu1zdfj7zyg5oo5AZx8U8qPoBhLTlL4DQWVYHL9fu4h84MR:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqn
Malware Config
Targets
-
-
Target
(2023) BlackCat.exe
-
Size
13.4MB
-
MD5
1ce3b67e179c8420bd5b31e75b4427ca
-
SHA1
4090622f0eadc1b420aa5d55e31ca5cd45e05f12
-
SHA256
df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3
-
SHA512
c708cc271fad1ecd29fccb010a34f54ba7b885d8827351a5d8be49f4781185248e789c3e35fa1c7862fdc0bf303e1d97f2585023e0b9fd14db3181f55d276f5f
-
SSDEEP
98304:aRqeZPPm0Rgmt7M17Lu1zdfj7zyg5oo5AZx8U8qPoBhLTlL4DQWVYHL9fu4h84MR:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqn
Score10/10-
Azov
A wiper seeking only damage, first seen in 2022.
-
Azov family
-
Renames multiple (1378) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1