General
-
Target
2025-03-06_581b4a169b1d11d5722d0b95652c4d72_ryuk
-
Size
664KB
-
Sample
250306-vq696stqv7
-
MD5
581b4a169b1d11d5722d0b95652c4d72
-
SHA1
e0f096905b10f064322469161261b5debee0cf5e
-
SHA256
1b9212169964de38cc4cdca81ad08035309bd7eb633095c8e1319a0d06c20630
-
SHA512
06e4d3dc738ad71773bdd9a5907ad7d1654155123654f50a7fe0ad75504bd6cfabc0572b7eb5386c2edf8c14fd1716954ee0247c1aa1b54e6ec5100c0a3e2332
-
SSDEEP
12288:Ts9tAJdSoCU5qJSr1erWUM6i6FZJFzFgkAHHUzTshm8QvDF0Bc:OKSoCU5qJSr1erWzaZJFzFgkqeTIkD6c
Malware Config
Targets
-
-
Target
2025-03-06_581b4a169b1d11d5722d0b95652c4d72_ryuk
-
Size
664KB
-
MD5
581b4a169b1d11d5722d0b95652c4d72
-
SHA1
e0f096905b10f064322469161261b5debee0cf5e
-
SHA256
1b9212169964de38cc4cdca81ad08035309bd7eb633095c8e1319a0d06c20630
-
SHA512
06e4d3dc738ad71773bdd9a5907ad7d1654155123654f50a7fe0ad75504bd6cfabc0572b7eb5386c2edf8c14fd1716954ee0247c1aa1b54e6ec5100c0a3e2332
-
SSDEEP
12288:Ts9tAJdSoCU5qJSr1erWUM6i6FZJFzFgkAHHUzTshm8QvDF0Bc:OKSoCU5qJSr1erWzaZJFzFgkqeTIkD6c
Score10/10-
Azov
A wiper seeking only damage, first seen in 2022.
-
Azov family
-
Renames multiple (120) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1