- First seen: November 2022
- Aliases:
- Samples:
  - fecf58289416126529b492865d08899989a25ef1205e865fe08779ff1efac288 | windows | ransom | pe
  - b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801 | windows | ransom | pe

| Property | Value |
|---|---|
| Size | 215285 bytes |
| CRC32 | 0xb0e80b43 |
| MD5 | 20a2ee0ec194ca60b1e35fd6d18a5242 |
| SHA1 | c6ff49fa09d4066ec66dd12d49939b8fa585d0cc |
| SHA256 | fecf58289416126529b492865d08899989a25ef1205e865fe08779ff1efac288 |
| SHA512 | e4ceb133848b66126cf2f1df9b4f6e147c1cd6c63bf4a3f65ab0bd07e74b61a29c5c9f3229b3ae8e2e0d32261e3be555de4d92584c25096dbc587b83cfcb301d |
| Ssdeep | 3072:rBQhU39KQo0WVThtfvMTmFWbpvcGr/yryIdXRWy4ZNC9m+EfRezW/ipNtoZ:rys9T6TPfUTmFW1U2aOpBZw9m+u0XpNm |
| Magic | PE32+ executable (GUI) x86-64, for MS Windows |
| Packer | PE+(64): linker: Microsoft Linker(12.0*)[EXE64] |
| TrID | 89.2% (.CPL) Windows Control Panel Item (generic) (197083/11/60); 4.7% (.EXE) Win64 Executable (generic) (10523/12/4); 2.2% (.EXE) Win16 NE executable (generic) (5038/12/1); 0.9% (.ICL) Windows Icons Library (generic) (2059/9); 0.9% (.EXE) OS/2 Executable (generic) (2029/13) |

+ Avast: clean
- Avira: HEUR/AGEN.1042882
- Bitdefender: Gen:Variant.Cerbu.155261
+ Clamav: clean
+ Comodo: clean
- Drweb: Win32.HLLP.Azov.2
- Eset: Win64/Filecoder.GG
+ Fsecure: clean
- Kaspersky: HEUR:Trojan-Ransom.Win32.Blocker.pef
+ Mcafee: clean
+ Sophos: clean
+ Symantec: clean
+ Trendmicro: clean
- Windefender: Ransom:Win64/Azov.psyA!MTB

| Property | Value |
|---|---|
| Size | 32768 bytes |
| CRC32 | 0x7017fca6 |
| MD5 | 6468ee100d88c71d55dfdcf4e30f991e |
| SHA1 | 5c520d2d7dc4c9e5d536d3aff998185657d40ac8 |
| SHA256 | b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801 |
| SHA512 | 41913eb5adaab42c7ebff547421c0faedede5a3356cb2aa8b92ab20320f73766101056853f450435281cf31e7f32603c62fbd88fa3a680b19abda5d8cc9a98ae |
| Ssdeep | 768:QzG3EG0IUJrd6dQar/MjfW33AMar6q3Fu:QKEG4Jx6Ky/Mjo3AMa13U |
| Magic | PE32+ executable (GUI) x86-64, for MS Windows |
| Packer | PE+(64): compiler: FASM(1.73)[EXE64] |
| TrID | 33.4% (.EXE) OS/2 Executable (generic) (2029/13); 33.0% (.EXE) Generic Win/DOS Executable (2002/3); 33.0% (.EXE) DOS Executable Generic (2000/1); 0.4% (.VXD) VXD Driver (29/21) |

+ Avast: clean
- Avira: HEUR/AGEN.1035191
- Bitdefender: Gen:Variant.Ransom.Magniber.26
- Clamav: Win.Ransomware.Expiro-9975896-0
- Comodo: Malware
+ Drweb: clean
- Eset: Win64/Filecoder.GG
- Fsecure: Heuristic.HEUR/AGEN.1361330
- Kaspersky: Trojan-Dropper.Win32.Dapato.rcmu
- Mcafee: RDN/Generic Dropper
+ Sophos: clean
- Symantec: Trojan.Gen.MBT
+ Trendmicro: clean
- Windefender: Trojan:Win32/Tiggre

- https://blog.polyswarm.io/azov-ransomware-built-to-wipe-data?
- https://www.bleepingcomputer.com/news/security/azov-ransomware-is-a-wiper-destroying-data-666-bytes-at-a-time/
- https://research.checkpoint.com/2022/pulling-the-curtains-on-azov-ransomware-not-a-skidsware-but-polymorphic-wiper/
- https://blog.checkpoint.com/2022/12/12/from-disruption-to-destruction-azov-ransomware-presents-a-new-shift-towards-destructive-wipers/