General
- Target: 2025-03-06_9f15b01122f03e963738824899567821_ryuk
- Size: 664KB
- Sample: 250306-gx47ha1pw7
- MD5: 9f15b01122f03e963738824899567821
- SHA1: 7ca04e63a702c9009254120bd994fbc8f804ae12
- SHA256: b7f505a178382da50c6b762a5203998bc58c73cc900637db2c05ffd009e8d989
- SHA512: 9f082ec91b03b5d1494a24ac389e0ff62c0488ee33ea3b4c332de05c2e792b552d7c5638592bd37c9ad4a436bc9b13976e9a7c86d42b60ef056ccf72b9b17289
- SSDEEP: 12288:/s9fQyrSoCU5qJSr1eycUVwIfAXD1L9geAdHUzTshqS8WNMmn2sQ8z:wvSoCU5qJSr1eyceYXD1L9gekeTW8WNR
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 2025-03-06_9f15b01122f03e963738824899567821_ryuk.exe
  - Resource: win7-20240903-en

Behavioral task
- behavioral2
  - Sample: 2025-03-06_9f15b01122f03e963738824899567821_ryuk.exe
  - Resource: win10v2004-20250217-en
Malware Config
Targets
- Target: 2025-03-06_9f15b01122f03e963738824899567821_ryuk
- Size: 664KB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
Score: 10/10

Signatures
- Azov family
- Renames multiple (1741) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
- Credential Access
  - Credentials from Password Stores (1)
    - Credentials from Web Browsers (1)
  - Unsecured Credentials (1)
    - Credentials In Files (1)