General
Target: 98530faca26c3f080ca545ccc39430a274761ca85cc5ca4a41f1b8eac7156e32
Size: 775KB
Sample: 210528-m4xvtzyvks
MD5: 80814a8341fb80349d90c18be7c9dda1
SHA1: 47da9d4cf72296f94faf03d39725a53a24f8e834
SHA256: 98530faca26c3f080ca545ccc39430a274761ca85cc5ca4a41f1b8eac7156e32
SHA512: c3ceb0a1acedba5279597e4245a99a217ce8d89aca114ea9d13d53dba16a2950ac0ef7fbc542c2da6fb0c9449cd072625f8cbaef567850fff4be01fd9864fb4d
Static task: static1
Behavioral task: behavioral1
  Sample: 98530faca26c3f080ca545ccc39430a274761ca85cc5ca4a41f1b8eac7156e32.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 98530faca26c3f080ca545ccc39430a274761ca85cc5ca4a41f1b8eac7156e32.exe
  Resource: win10v20210410
Malware Config
Extracted: C:\Users\Admin\Contacts\hdU79VSy_readme_.txt
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
Extracted: C:\Users\Admin\Documents\hdU79VSy_readme_.txt
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
Extracted: C:\Users\Admin\Favorites\Links for United States\hdU79VSy_readme_.txt
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
Extracted: C:\Users\Admin\Searches\hdU79VSy_readme_.txt
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
Extracted: C:\Users\Admin\Desktop\hdU79VSy_readme_.txt
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
Extracted: C:\Users\Admin\Downloads\hdU79VSy_readme_.txt
  http://avaddongun7rngel.onion
  http://avaddonbotrxmuyl.onion
Targets
Target: 98530faca26c3f080ca545ccc39430a274761ca85cc5ca4a41f1b8eac7156e32
Size: 775KB
MD5: 80814a8341fb80349d90c18be7c9dda1
SHA1: 47da9d4cf72296f94faf03d39725a53a24f8e834
SHA256: 98530faca26c3f080ca545ccc39430a274761ca85cc5ca4a41f1b8eac7156e32
SHA512: c3ceb0a1acedba5279597e4245a99a217ce8d89aca114ea9d13d53dba16a2950ac0ef7fbc542c2da6fb0c9449cd072625f8cbaef567850fff4be01fd9864fb4d
Score: 10/10
Signatures
- Avaddon: Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
- Avaddon Ransomware
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Executes dropped EXE
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops desktop.ini file(s)
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.