General
Target: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.zip
Size: 1023KB
Sample: 230311-tckzcaad37
MD5: 5ea6f26b734ba366c801dbc4bef0ad28
SHA1: 232ce5cb35b9c930da0cfcb07d074aecd8f30a28
SHA256: f6fce8a0d32cba5508cf11d4a9ab53a1bbef43bdeb64ffd6930a40211b5f3bef
SHA512: 1c5a3d51a7ed352e9744ffc2663a41fbfb147a9d5520fa0bca9fa309841d50e95746985f5620001ba311579a971271301a81473dca9ccfceb2b8b7e208035129
SSDEEP: 24576:Bk8/ERRKJP0ISRy1nPxQPGTSDQsbuLkDOaLDvDrESm:e8/ESJPbS4NPqwSDQsbuLkDO4DDtm
Behavioral task: behavioral1
Sample: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.exe
Resource: win10v2004-20230221-en
Malware Config

Targets
Target: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.exe
Size: 2.0MB
MD5: f8290f2d593a05ea811edbd3bff6eacc
SHA1: 497985116f4ebaa05f1774c16adb5aa52b8e9756
SHA256: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993
SHA512: 97e4563b6112e4f6c7ee46cc1e18de931d4e052d387e6c37f7fdd7d352ef817778bd95041eeaf05e2bdf657afa1b09e52f4933ca22c6ea8f98983d8c13b56c14
SSDEEP: 24576:AxT2+3dmY7FF1JLurH0q7kRZLJn0A0ffqN3CzPtakNLIE4GPoyP:f+NmY7FFHurUayLLKCdCzPtFZb
Score: 10/10

Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.

Avaddon payload

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Drops desktop.ini file(s)

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.