General
- Target: taskhost.exe
- Size: 1.1MB
- Sample: 200906-hhqmn9hdrn
- MD5: 255f4b48567937bc0373af60bef975b3
- SHA1: 93da8a8a67965a9b5cd3f3a9de9f333a541d9dc7
- SHA256: d6642e896600cb29365f61dfe28c94c6f075bf90b34cbdf6ff5466756e33eb0d
- SHA512: 8bee1b0a91eb40d9d613d8e4fc2bff9bdbc1175fa78eda67178dae04aae7700cc219a195eb5cc99ea21290a43f7dfac4c557a58a350a77bebaad2e69d6e8b885
Static task: static1
Behavioral task: behavioral1
- Sample: taskhost.exe
- Resource: win7
Behavioral task: behavioral2
- Sample: taskhost.exe
- Resource: win10v200722
Malware Config
Extracted from: C:\Users\Admin\Contacts\JZZ5R_readme_.txt
- http://avaddonbotrxmuyl.onion
Extracted from: C:\Users\Admin\Documents\JZZ5R_readme_.txt
- http://avaddonbotrxmuyl.onion
Extracted from: C:\Users\Admin\Pictures\JZZ5R_readme_.txt
- http://avaddonbotrxmuyl.onion
Extracted from: C:\Users\Admin\Desktop\P4nyljPG_readme_.txt
- http://avaddonbotrxmuyl.onion
Extracted from: C:\Users\Admin\Downloads\P4nyljPG_readme_.txt
- http://avaddonbotrxmuyl.onion
Extracted from: C:\Users\Admin\Searches\P4nyljPG_readme_.txt
- http://avaddonbotrxmuyl.onion
Targets
- Target: taskhost.exe
- Size: 1.1MB
- MD5: 255f4b48567937bc0373af60bef975b3
- SHA1: 93da8a8a67965a9b5cd3f3a9de9f333a541d9dc7
- SHA256: d6642e896600cb29365f61dfe28c94c6f075bf90b34cbdf6ff5466756e33eb0d
- SHA512: 8bee1b0a91eb40d9d613d8e4fc2bff9bdbc1175fa78eda67178dae04aae7700cc219a195eb5cc99ea21290a43f7dfac4c557a58a350a77bebaad2e69d6e8b885
- Score: 10/10
Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
- Avaddon Ransomware
- Executes dropped EXE
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Drops desktop.ini file(s)
- Enumerates connected drives
- Modifies service