General
-
Target
2025-03-06_142e7ec8fc14736462f39959d6628215_ryuk
-
Size
2.8MB
-
Sample
250306-xd26ssvrw3
-
MD5
142e7ec8fc14736462f39959d6628215
-
SHA1
9992edbd78753126d6cf043e5baffa1e2e74873a
-
SHA256
ec12fa74448225f87c0c27d34beb18bed4f60e9143cac60acc21c46d8ef972ba
-
SHA512
5701f5f1fbe6be58b70feea8834f54aabbbaf06d4d80672883a6b8e808c8c9c39d25c0807f5b99aa91354681cb7bd8dec99f788bf5b3e3d8236d2e04530301a5
-
SSDEEP
49152:WPIq9hUBwj9Ta507NUUWn043oHS3fPYwVq1/xT3DDbw0TUqyy696:RWhSXYw8yKl
Malware Config
Targets
-
-
Target
2025-03-06_142e7ec8fc14736462f39959d6628215_ryuk
-
Size
2.8MB
-
MD5
142e7ec8fc14736462f39959d6628215
-
SHA1
9992edbd78753126d6cf043e5baffa1e2e74873a
-
SHA256
ec12fa74448225f87c0c27d34beb18bed4f60e9143cac60acc21c46d8ef972ba
-
SHA512
5701f5f1fbe6be58b70feea8834f54aabbbaf06d4d80672883a6b8e808c8c9c39d25c0807f5b99aa91354681cb7bd8dec99f788bf5b3e3d8236d2e04530301a5
-
SSDEEP
49152:WPIq9hUBwj9Ta507NUUWn043oHS3fPYwVq1/xT3DDbw0TUqyy696:RWhSXYw8yKl
Score10/10-
Azov
A wiper seeking only damage, first seen in 2022.
-
Azov family
-
Renames multiple (8169) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1