General
Target: 6c68f61ddd1c17b8bef5080ee8b113ebaa90c415a11a137f74a73429fb79877d
Size: 714KB
Sample: 210528-7vg1arx6jj
MD5: c497f83e28e9f3a7fdebc64ab1a1ea23
SHA1: 4eee6846c84fb3eb1b73ca085a9ee016aa0bedb9
SHA256: 6c68f61ddd1c17b8bef5080ee8b113ebaa90c415a11a137f74a73429fb79877d
SHA512: b761e1e9de8e2a1ad43ef86b3adf0839bdda26f02edcd7aaf701cbf930c38d8a9381794f6e2edc6959ef1ce23a23d3b68640c737ab817a03d533db1e3004dd42
Static task: static1
Behavioral task: behavioral1
  Sample: 6c68f61ddd1c17b8bef5080ee8b113ebaa90c415a11a137f74a73429fb79877d.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 6c68f61ddd1c17b8bef5080ee8b113ebaa90c415a11a137f74a73429fb79877d.exe
  Resource: win10v20210408
Malware Config
Extracted: C:\Users\Admin\Desktop\1zvQ4_readme_.txt
  http://avaddonbotrxmuyl.onion
Extracted: C:\Users\Admin\Favorites\Links\1zvQ4_readme_.txt
  http://avaddonbotrxmuyl.onion
Extracted: C:\Users\Admin\Pictures\1zvQ4_readme_.txt
  http://avaddonbotrxmuyl.onion
Extracted: C:\odt\q9yfv_readme_.txt
  http://avaddonbotrxmuyl.onion
Extracted: C:\Users\Admin\Downloads\q9yfv_readme_.txt
  http://avaddonbotrxmuyl.onion
Extracted: C:\Users\Admin\Searches\q9yfv_readme_.txt
  http://avaddonbotrxmuyl.onion
Targets
Target: 6c68f61ddd1c17b8bef5080ee8b113ebaa90c415a11a137f74a73429fb79877d
Score: 10/10
Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
- Avaddon Ransomware
- Executes dropped EXE
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.