Overview

overview

10

Static

static

3

2025-03-07...uk.exe

windows7-x64

10

2025-03-07...uk.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-03-07_9fc97036e3dfd4f14d1d32e8e495f3ba_ryuk

  • Size

    1.4MB

  • Sample

    250307-szw5fssvbx

  • MD5

    9fc97036e3dfd4f14d1d32e8e495f3ba

  • SHA1

    788dfed0a91a35150a213b5f273c9711c5785e20

  • SHA256

    bf0de1c0cdb6e7fe7c7b7457ba581a3440427bbf6d0709034c88326fbb21d560

  • SHA512

    2fd2df42fdf00cd298b08f39ceb3978931dd91db06ca6bc3f62f7f5e4c923b426abcfc5d4a9b686989bedecbcb0be18c1fa667cb14a2f55acbe415b39cd55fef

  • SSDEEP

    24576:f1bGx2OHUK2Ti4i9lc9oKpNOcTj3+fVevgw5Z09XaUDdnim:f1bGxpUKr4i9udpNrTr+fOgwf08wim

Score
10/10
azovpersistenceransomwarewiper

Malware Config

Targets

    • Target

      2025-03-07_9fc97036e3dfd4f14d1d32e8e495f3ba_ryuk

    • Size

      1.4MB

    • MD5

      9fc97036e3dfd4f14d1d32e8e495f3ba

    • SHA1

      788dfed0a91a35150a213b5f273c9711c5785e20

    • SHA256

      bf0de1c0cdb6e7fe7c7b7457ba581a3440427bbf6d0709034c88326fbb21d560

    • SHA512

      2fd2df42fdf00cd298b08f39ceb3978931dd91db06ca6bc3f62f7f5e4c923b426abcfc5d4a9b686989bedecbcb0be18c1fa667cb14a2f55acbe415b39cd55fef

    • SSDEEP

      24576:f1bGx2OHUK2Ti4i9lc9oKpNOcTj3+fVevgw5Z09XaUDdnim:f1bGxpUKr4i9udpNrTr+fOgwf08wim

    Score
    10/10
    azovpersistenceransomwarewiper

    • Azov

      A wiper seeking only damage, first seen in 2022.

      ransomwarewiperazov

    • Azov family

      azov

    • Renames multiple (78) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks