General

Target: 81167abaa65dbf3c0bf4f96fbe2f444f4d4792557c7c3e2b8d617b97aa851e47
Size: 775KB
Sample: 210528-94g2mmee4e
MD5: 5a4a25f727c79268563a5fede587d83e
SHA1: 82b78209630d7d5ceb5e58e81a48b77c23ba5dca
SHA256: 81167abaa65dbf3c0bf4f96fbe2f444f4d4792557c7c3e2b8d617b97aa851e47
SHA512: d11b877c57efa25ca6f581cc8ee311da44dbb8d6e754ae225c213e3ae8644454f0c2709a0229f3eadfc58d6e3072ae15f33d8e69dde78b270a117f23dc949f4c
Static task: static1

Behavioral task: behavioral1
Sample: 81167abaa65dbf3c0bf4f96fbe2f444f4d4792557c7c3e2b8d617b97aa851e47.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: 81167abaa65dbf3c0bf4f96fbe2f444f4d4792557c7c3e2b8d617b97aa851e47.exe
Resource: win10v20210410
Malware Config

Ransom notes extracted (each note lists the same two Tor contact URLs: http://avaddongun7rngel.onion and http://avaddonbotrxmuyl.onion):

C:\Users\Admin\Contacts\rnOjA_readme_.txt
C:\Users\Admin\Downloads\rnOjA_readme_.txt
C:\Users\Admin\Favorites\MSN Websites\rnOjA_readme_.txt
C:\Users\Public\Music\Sample Music\rnOjA_readme_.txt
C:\Users\Admin\Desktop\EPW5UDw_readme_.txt
C:\Users\Admin\Documents\EPW5UDw_readme_.txt
C:\Users\Admin\Pictures\EPW5UDw_readme_.txt
Targets

Target: 81167abaa65dbf3c0bf4f96fbe2f444f4d4792557c7c3e2b8d617b97aa851e47
Size: 775KB
MD5: 5a4a25f727c79268563a5fede587d83e
SHA1: 82b78209630d7d5ceb5e58e81a48b77c23ba5dca
SHA256: 81167abaa65dbf3c0bf4f96fbe2f444f4d4792557c7c3e2b8d617b97aa851e47
SHA512: d11b877c57efa25ca6f581cc8ee311da44dbb8d6e754ae225c213e3ae8644454f0c2709a0229f3eadfc58d6e3072ae15f33d8e69dde78b270a117f23dc949f4c
Score: 10/10

Family: Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its user base among criminal actors.

Signatures

Avaddon Ransomware

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Executes dropped EXE

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Drops desktop.ini file(s)

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.