General
- Target: b76e77b52d682f0938d120f3fe011660.exe
- Size: 68KB
- Sample: 201028-9lc5cj8sqj
- MD5: b76e77b52d682f0938d120f3fe011660
- SHA1: c1fdc71284b5a34b170470a6071626f40f4a4f65
- SHA256: 0ba5efbb88dd3a6cf12923ed9f6abe16431e839cf0d0beebc3e2e0cdf1a6af5a
- SHA512: 5547b31fd4635d81e8ea4d426c0133f291b0a1caa3237efb21f849fe71d2d504bf59a1d25e3a20265e6a6f8ce108e6adda47f66eed2c64ecfa96c593efb80177
- Static task: static1
- Behavioral task: behavioral1; Sample: b76e77b52d682f0938d120f3fe011660.exe; Resource: win7
- Behavioral task: behavioral2; Sample: b76e77b52d682f0938d120f3fe011660.exe; Resource: win10
Malware Config
Extracted from the ransom notes dropped during the behavioral runs (note path: URL found in the note):
- C:\Users\Admin\Desktop\LhTk7_readme_.txt: http://avaddonbotrxmuyl.onion
- C:\Users\Admin\Downloads\LhTk7_readme_.txt: http://avaddonbotrxmuyl.onion
- C:\Users\Default\LhTk7_readme_.txt: http://avaddonbotrxmuyl.onion
- C:\odt\8xHXy_readme_.txt: http://avaddonbotrxmuyl.onion
- C:\Users\Admin\Downloads\8xHXy_readme_.txt: http://avaddonbotrxmuyl.onion
- C:\Users\Admin\Searches\8xHXy_readme_.txt: http://avaddonbotrxmuyl.onion
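The note paths and the .onion URL above are the artefacts a responder would sweep other hosts for, alongside the file hashes from the General section. The script below is an added example and not part of the sandbox report or of any vendor tooling: it walks a directory tree, flags files whose name follows the `<token>_readme_.txt` shape seen in the extracted notes (the assumption that the prefix is a short alphanumeric token is mine; the report only shows `LhTk7` and `8xHXy`), pulls `.onion` URLs out of them, and compares every file's MD5/SHA-256 with the report's IOCs. The demo tree it builds is constructed for the dry run; only the URL and hashes come from the report.

```python
"""
Triage helper for the Avaddon sample in this report: find ransom notes
named *_readme_.txt, extract .onion URLs from them, and hash-match files
against the report's IOCs. Added example, not code from the report.
"""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# IOCs copied from the report above.
IOC_MD5 = "b76e77b52d682f0938d120f3fe011660"
IOC_SHA256 = "0ba5efbb88dd3a6cf12923ed9f6abe16431e839cf0d0beebc3e2e0cdf1a6af5a"
IOC_ONION = "http://avaddonbotrxmuyl.onion"

# The report shows notes named LhTk7_readme_.txt and 8xHXy_readme_.txt.
# Assumption: the prefix is a short alphanumeric token, the suffix is fixed.
NOTE_NAME = re.compile(r"^[A-Za-z0-9]{3,8}_readme_\.txt$", re.IGNORECASE)
# v2 onion names are 16 base32 chars, v3 names are 56; accept both.
ONION_URL = re.compile(r"https?://[a-z2-7]{16,56}\.onion\b", re.IGNORECASE)


def is_ransom_note(path):
    """True if the last path component matches the note-name pattern.
    Splits on both separators so Windows paths from the report work on any OS."""
    name = re.split(r"[\\/]", str(path))[-1]
    return NOTE_NAME.match(name) is not None


def extract_onion_urls(text):
    """Unique .onion URLs in a note, lower-cased, in order of first appearance."""
    found = []
    for url in ONION_URL.findall(text):
        url = url.lower()
        if url not in found:
            found.append(url)
    return found


def file_hashes(path):
    """(md5, sha256) hex digests of a file, streamed in 64 KiB chunks."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def scan_tree(root):
    """Walk root. Returns {'notes': {path: [urls]}, 'hash_hits': [paths]}."""
    findings = {"notes": {}, "hash_hits": []}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            md5, sha = file_hashes(p)
            if md5 == IOC_MD5 or sha == IOC_SHA256:
                findings["hash_hits"].append(str(p))
            if is_ransom_note(p):
                findings["notes"][str(p)] = extract_onion_urls(
                    p.read_text(errors="replace"))
    return findings


def build_demo_tree():
    """Constructed sample tree for a dry run (not real infection artefacts)."""
    root = Path(tempfile.mkdtemp(prefix="avaddon_demo_"))
    (root / "Desktop").mkdir()
    # Constructed note body; only the URL is taken from the report. The
    # upper-cased mirror line checks that case differences are de-duplicated.
    (root / "Desktop" / "LhTk7_readme_.txt").write_text(
        "Your files have been encrypted.\n"
        f"Contact: {IOC_ONION}\n"
        f"Mirror: {IOC_ONION.upper()}\n")
    (root / "notes.txt").write_text("meeting notes, nothing to see here\n")
    (root / "empty.bin").write_bytes(b"")
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    result = scan_tree(demo)
    for note, urls in result["notes"].items():
        print(f"ransom note: {note} -> {urls}")
    print(f"hash hits: {result['hash_hits']}")
```

Run it against a mounted image or a share by replacing `build_demo_tree()` with the path to sweep; hash matching is what catches the dropper itself, while the note scan catches hosts where only the encryption pass ran.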
Targets
- Target: b76e77b52d682f0938d120f3fe011660.exe
- Size: 68KB
- MD5: b76e77b52d682f0938d120f3fe011660
- SHA1: c1fdc71284b5a34b170470a6071626f40f4a4f65
- SHA256: 0ba5efbb88dd3a6cf12923ed9f6abe16431e839cf0d0beebc3e2e0cdf1a6af5a
- SHA512: 5547b31fd4635d81e8ea4d426c0133f291b0a1caa3237efb21f849fe71d2d504bf59a1d25e3a20265e6a6f8ce108e6adda47f66eed2c64ecfa96c593efb80177
Signatures
- Avaddon: Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
- Avaddon Ransomware
- Phorphiex Payload
- Executes dropped EXE
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service