General
Target: 4c7d496c02177037f58588579239caa1d95d509c.zip
Size: 560KB
Sample: 210413-t8xwt19k6x
MD5: 2fa81856c7734d054f5eb3a0363638ab
SHA1: 0bf72720ee93c9ee297e182aa90473d7aa867bef
SHA256: 946b58a1341ed568aa967d9c24b638fb9cb0277c3c27b8eabfdc31cfcf4d6fd6
SHA512: a40469660290a813b43732b49095bb9b99c6dc9bf58681b220be6c01a23ebf78088a320fd5d8d038dcea6ea6b1021a12af7f5141964906c43f24f4162e1d94fd

Static task: static1

Behavioral task: behavioral1
Sample: 840ab447e0f3a2a982ff8f0c3c336338a6df691c8b0b74b0f153c0f6a15662e2.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: 840ab447e0f3a2a982ff8f0c3c336338a6df691c8b0b74b0f153c0f6a15662e2.exe
Resource: win10v20210410

Malware Config
Targets
Target: 840ab447e0f3a2a982ff8f0c3c336338a6df691c8b0b74b0f153c0f6a15662e2
Size: 1.3MB
MD5: fd61adfce25d440ef8994d124cfce67c
SHA1: 4c7d496c02177037f58588579239caa1d95d509c
SHA256: 840ab447e0f3a2a982ff8f0c3c336338a6df691c8b0b74b0f153c0f6a15662e2
SHA512: 67aeb813bc7be2bf61117a04ee995de70c7b248d044699b33fe1d040476a8d7963ce4831a195591237dcd4e2df07c06971281ffa8c9a70f233469721580e35fc
Score: 10/10

Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.

Executes dropped EXE

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Adds Run key to start application

Drops desktop.ini file(s)

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.