General
- Target: 5f171bd6646d203350bab1ac76aa789479b0af70616022d40b9c1efd9fd73cb9
- Size: 775KB
- Sample: 210528-lbcgq9qplj
- MD5: c4a46d298d727179df2394f8501b682f
- SHA1: ef8d5f3bc1be11eea8fda45091944ada4a5b69f8
- SHA256: 5f171bd6646d203350bab1ac76aa789479b0af70616022d40b9c1efd9fd73cb9
- SHA512: 35b1f970b9c2a0eff1b8b13bfb545446d35b33dd7d07031ac238a0cb0f28b8031fa55456e6f2af85e5ed112c70c688c836e82b68ed33646cabb724096578dc4a
Static task: static1
Behavioral task: behavioral1
- Sample: 5f171bd6646d203350bab1ac76aa789479b0af70616022d40b9c1efd9fd73cb9.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: 5f171bd6646d203350bab1ac76aa789479b0af70616022d40b9c1efd9fd73cb9.exe
- Resource: win10v20210408
Malware Config
Extracted from ransom notes dropped by the sample (each note carries the same two .onion contact URLs):
- C:\Users\Admin\Desktop\1zvQ4_readme_.txt
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
- C:\Users\Admin\Favorites\Microsoft Websites\1zvQ4_readme_.txt
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
- C:\Users\Admin\Pictures\1zvQ4_readme_.txt
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
- C:\1zvQ4_readme_.txt
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
- C:\Users\Admin\Desktop\iQrVvZoT_readme_.txt
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
- C:\Users\Admin\Downloads\iQrVvZoT_readme_.txt
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
- C:\Users\Admin\Pictures\iQrVvZoT_readme_.txt
  3uhs5BcwUgkilEVgUDsESaNB7QkN
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
- C:\Users\Admin\Searches\iQrVvZoT_readme_.txt
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
Targets
- Target: 5f171bd6646d203350bab1ac76aa789479b0af70616022d40b9c1efd9fd73cb9 (775KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
- Avaddon: Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
- Avaddon Ransomware
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Executes dropped EXE
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops desktop.ini file(s)
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.