azov | 03367deec3ee109621f3a6330cbb094b9d32c2ad544a2d3d5f9d5ceec4191dcf | Triage

Sharing

General

Target

2025-03-06_fea251d1d58c745b974b7e263ff1d513_ryuk
Size

1.5MB
Sample

250306-1f5aqaynw3
MD5

fea251d1d58c745b974b7e263ff1d513
SHA1

7c9a1120eb69b1021557edd3172f085967d97738
SHA256

03367deec3ee109621f3a6330cbb094b9d32c2ad544a2d3d5f9d5ceec4191dcf
SHA512

5c94defcc21c6d02215e30c39237ac366e2da02785762739e7de6cc41652b8e4ab42fed7fe19d0342e41b5906d6a8c67426148b2860bdbed0362091f96537179
SSDEEP

49152:Hl+i4vOgbD4+k9m67I+BpclbwbWAaJiwmqTjcoOn1gR:ZoKIuxqPFMnc

Score

10^/10

azov persistence ransomware wiper

Malware Config

Targets

- Target
  
  2025-03-06_fea251d1d58c745b974b7e263ff1d513_ryuk
- Size
  
  1.5MB
- MD5
  
  fea251d1d58c745b974b7e263ff1d513
- SHA1
  
  7c9a1120eb69b1021557edd3172f085967d97738
- SHA256
  
  03367deec3ee109621f3a6330cbb094b9d32c2ad544a2d3d5f9d5ceec4191dcf
- SHA512
  
  5c94defcc21c6d02215e30c39237ac366e2da02785762739e7de6cc41652b8e4ab42fed7fe19d0342e41b5906d6a8c67426148b2860bdbed0362091f96537179
- SSDEEP
  
  49152:Hl+i4vOgbD4+k9m67I+BpclbwbWAaJiwmqTjcoOn1gR:ZoKIuxqPFMnc
Score

10^/10

azov persistence ransomware wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Azov family
  azov
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

azovpersistenceransomwarewiper