General

  • Target: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.zip
  • Size: 1023KB
  • Sample: 230311-tckzcaad37
  • MD5: 5ea6f26b734ba366c801dbc4bef0ad28
  • SHA1: 232ce5cb35b9c930da0cfcb07d074aecd8f30a28
  • SHA256: f6fce8a0d32cba5508cf11d4a9ab53a1bbef43bdeb64ffd6930a40211b5f3bef
  • SHA512: 1c5a3d51a7ed352e9744ffc2663a41fbfb147a9d5520fa0bca9fa309841d50e95746985f5620001ba311579a971271301a81473dca9ccfceb2b8b7e208035129
  • SSDEEP: 24576:Bk8/ERRKJP0ISRy1nPxQPGTSDQsbuLkDOaLDvDrESm:e8/ESJPbS4NPqwSDQsbuLkDO4DDtm

Targets

    • Target: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.exe
    • Size: 2.0MB
    • MD5: f8290f2d593a05ea811edbd3bff6eacc
    • SHA1: 497985116f4ebaa05f1774c16adb5aa52b8e9756
    • SHA256: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993
    • SHA512: 97e4563b6112e4f6c7ee46cc1e18de931d4e052d387e6c37f7fdd7d352ef817778bd95041eeaf05e2bdf657afa1b09e52f4933ca22c6ea8f98983d8c13b56c14
    • SSDEEP: 24576:AxT2+3dmY7FF1JLurH0q7kRZLJn0A0ffqN3CzPtakNLIE4GPoyP:f+NmY7FFHurUayLLKCdCzPtFZb

    Signatures

    • Avaddon: Ransomware-as-a-service first released in June 2020 and currently expanding its user base among criminal actors.
    • Avaddon payload
    • UAC bypass
    • Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
    • Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
    • Checks whether UAC is enabled
    • Drops desktop.ini file(s)
    • Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

Each tactic lists its detected techniques as: technique (number of matching signatures) ATT&CK ID.

Privilege Escalation
  • Bypass User Account Control (1) T1088

Defense Evasion
  • Bypass User Account Control (1) T1088
  • Disabling Security Tools (1) T1089
  • Modify Registry (2) T1112
  • File Deletion (2) T1107

Discovery
  • System Information Discovery (3) T1082
  • Query Registry (1) T1012
  • Peripheral Device Discovery (1) T1120

Impact
  • Inhibit System Recovery (2) T1490
