azov | 5e6415deaf980660f1d4e2370288a2942e08a0a44e7269446433c3dfba1f3dd4 | Triage

Sharing

General

Target

2025-03-06_d2da4a824e7f0adf3d123e7e928be701_ryuk
Size

1.5MB
Sample

250306-xm3hxsvxbs
MD5

d2da4a824e7f0adf3d123e7e928be701
SHA1

73a35316286fa71354b7f70297b5352856e91b55
SHA256

5e6415deaf980660f1d4e2370288a2942e08a0a44e7269446433c3dfba1f3dd4
SHA512

1ba8325721ac28982f7a5c01d7f061bc14e5e57d4e242f6ad50cc334bdbe7c733ff8077b449d19a49c8668d68f82b08592602c49c8d1b92f143bcfc9c4b7ef8b
SSDEEP

49152:R+dY+HsrHNIyuMMyU6T7PmpclbwbWAaJiwmqTjcoezo:vdvR7OxqPFZ

Score

10^/10

azov persistence ransomware wiper

Malware Config

Targets

- Target
  
  2025-03-06_d2da4a824e7f0adf3d123e7e928be701_ryuk
- Size
  
  1.5MB
- MD5
  
  d2da4a824e7f0adf3d123e7e928be701
- SHA1
  
  73a35316286fa71354b7f70297b5352856e91b55
- SHA256
  
  5e6415deaf980660f1d4e2370288a2942e08a0a44e7269446433c3dfba1f3dd4
- SHA512
  
  1ba8325721ac28982f7a5c01d7f061bc14e5e57d4e242f6ad50cc334bdbe7c733ff8077b449d19a49c8668d68f82b08592602c49c8d1b92f143bcfc9c4b7ef8b
- SSDEEP
  
  49152:R+dY+HsrHNIyuMMyU6T7PmpclbwbWAaJiwmqTjcoezo:vdvR7OxqPFZ
Score

10^/10

azov persistence ransomware wiper
- Azov
  A wiper seeking only damage, first seen in 2022.
  ransomware wiper azov
- Azov family
  azov
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azovpersistenceransomwarewiper

behavioral2