General
-
Target
2025-03-06_0eaf36d5491c37259fd5c5a9c598efa5_ryuk
-
Size
664KB
-
Sample
250306-xdqg1avvfx
-
MD5
0eaf36d5491c37259fd5c5a9c598efa5
-
SHA1
179629db3e7e97ea78c688e7e9e714eabd9afa3b
-
SHA256
799a339ff96d71df707fdf08357a290f97704587a224d7d1583de3405758c431
-
SHA512
a39e70430f20c8861725ccd57a26bb3b39bc0d4b74f2076439e681c054a3d759a30fa807b154cdba24e25b577c8d21e29d5095952a6e6e8f34641bdb51b7ce53
-
SSDEEP
12288:+s9zbXgSoCU5qJSr1e21UCYrn2IulPIgtAKHUzTshTZcZDoVpmA:lkSoCU5qJSr1e21K2IulPIgtbeT4VJ
Malware Config
Targets
-
-
Target
2025-03-06_0eaf36d5491c37259fd5c5a9c598efa5_ryuk
-
Size
664KB
-
MD5
0eaf36d5491c37259fd5c5a9c598efa5
-
SHA1
179629db3e7e97ea78c688e7e9e714eabd9afa3b
-
SHA256
799a339ff96d71df707fdf08357a290f97704587a224d7d1583de3405758c431
-
SHA512
a39e70430f20c8861725ccd57a26bb3b39bc0d4b74f2076439e681c054a3d759a30fa807b154cdba24e25b577c8d21e29d5095952a6e6e8f34641bdb51b7ce53
-
SSDEEP
12288:+s9zbXgSoCU5qJSr1e21UCYrn2IulPIgtAKHUzTshTZcZDoVpmA:lkSoCU5qJSr1e21K2IulPIgtbeT4VJ
Score10/10-
Azov
A wiper seeking only damage, first seen in 2022.
-
Azov family
-
Renames multiple (1481) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1