General
Target: download
Size: 775KB
Sample: 210420-g9dc65ngre
MD5: b1d5df48725672b525c8879670d10eaa
SHA1: 6a6956aff077aeda5b22873cfb891632fbce6bc7
SHA256: f9b748cf35278dc4bfaa2127ca1d6016fafbeb768b1a09c7ab58560632dbd637
SHA512: 7fc5fda6187a994cebc8d2e3eb895eabeea1b2b2f8195951e9b32375d23f0d9c709f69016813d97cbdf9d0a01f3e10aaf2360dfb712127aba06feef12c22035c
Static task: static1
Behavioral task: behavioral1
  Sample: download.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: download.exe
  Resource: win10v20210410
Malware Config
Extracted from C:\Users\Admin\Contacts\tEyFD_readme_.txt:
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
Extracted from C:\Users\Admin\Downloads\tEyFD_readme_.txt:
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
Extracted from C:\Users\Admin\Favorites\Links\tEyFD_readme_.txt:
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
Extracted from C:\Users\Admin\Searches\tEyFD_readme_.txt:
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
Extracted from C:\odt\xbPFm5X_readme_.txt:
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
Extracted from C:\Users\Admin\Pictures\xbPFm5X_readme_.txt:
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
Targets
Target: download
Size: 775KB
MD5: b1d5df48725672b525c8879670d10eaa
SHA1: 6a6956aff077aeda5b22873cfb891632fbce6bc7
SHA256: f9b748cf35278dc4bfaa2127ca1d6016fafbeb768b1a09c7ab58560632dbd637
SHA512: 7fc5fda6187a994cebc8d2e3eb895eabeea1b2b2f8195951e9b32375d23f0d9c709f69016813d97cbdf9d0a01f3e10aaf2360dfb712127aba06feef12c22035c
Score: 10/10
Avaddon: Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
Signatures:
  Avaddon Ransomware
  Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
  Executes dropped EXE
  Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
  Drops desktop.ini file(s)
  Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.