General
-
Target
download
-
Size
882KB
-
Sample
210420-yx495l37hn
-
MD5
c65ce4ba6d977022056272ffc86f51d4
-
SHA1
3811485a7d4ad5f551d844b81e15f44f00515cba
-
SHA256
194d34ae7ddcfa9918c1230cda4615d275baf0bb1a2bb2e0c2c5fb70a87ff4fa
-
SHA512
7792da612d84add79a3972f72a9580ab6a72e9624de43d708cf014d391ead9c415b7362853c18b6a855960bb000928a850b71f9a966575db9c2650094edf38d7
Static task
static1
Behavioral task
behavioral1
Sample
download.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
download.exe
Resource
win10v20210408
Malware Config
Extracted
C:\Users\Admin\Desktop\readme.html
avaddon
Targets
-
-
Target
download
-
Size
882KB
-
MD5
c65ce4ba6d977022056272ffc86f51d4
-
SHA1
3811485a7d4ad5f551d844b81e15f44f00515cba
-
SHA256
194d34ae7ddcfa9918c1230cda4615d275baf0bb1a2bb2e0c2c5fb70a87ff4fa
-
SHA512
7792da612d84add79a3972f72a9580ab6a72e9624de43d708cf014d391ead9c415b7362853c18b6a855960bb000928a850b71f9a966575db9c2650094edf38d7
Score10/10-
Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-