General
- Target: 00daa5e07721ca27f52b304de369b5011c5ab094bd820216266b3ce50f5a16dd
- Size: 1.7MB
- Sample: 210120-j9dy5fdr5a
- MD5: bc0ce4181149776bee2693f059574de5
- SHA1: 8f979c607688460ff489e82797c3b2da34d41846
- SHA256: 00daa5e07721ca27f52b304de369b5011c5ab094bd820216266b3ce50f5a16dd
- SHA512: 35b302d20579fe88942d53d4508a94514fe69159f6f795cdf5ba786c4cb072800c8b36d512969cb539c45300c5cd8166ffeaac811b11ed376bc1d378001ac3d7
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 00daa5e07721ca27f52b304de369b5011c5ab094bd820216266b3ce50f5a16dd.exe
  Resource: win7v20201028
- Behavioral task: behavioral2
  Sample: 00daa5e07721ca27f52b304de369b5011c5ab094bd820216266b3ce50f5a16dd.exe
  Resource: win10v20201028
Malware Config
Extracted (file path, URL):
- C:\Users\Admin\Contacts\LGBOi_readme_.txt
  http://avaddonbotrxmuyl.onion
- C:\Users\Admin\Favorites\Links\LGBOi_readme_.txt
  http://avaddonbotrxmuyl.onion
- C:\odt\KvhBy_readme_.txt
  http://avaddonbotrxmuyl.onion
- C:\Users\Admin\Music\KvhBy_readme_.txt
  http://avaddonbotrxmuyl.onion
- C:\KvhBy_readme_.txt
  http://avaddonbotrxmuyl.onion
Targets
- Target: 00daa5e07721ca27f52b304de369b5011c5ab094bd820216266b3ce50f5a16dd
- Size: 1.7MB
- MD5: bc0ce4181149776bee2693f059574de5
- SHA1: 8f979c607688460ff489e82797c3b2da34d41846
- SHA256: 00daa5e07721ca27f52b304de369b5011c5ab094bd820216266b3ce50f5a16dd
- SHA512: 35b302d20579fe88942d53d4508a94514fe69159f6f795cdf5ba786c4cb072800c8b36d512969cb539c45300c5cd8166ffeaac811b11ed376bc1d378001ac3d7
Score: 10/10

Signatures
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.