General
-
Target
f952ef4c3e3725f4658be9a8151d4c180ac7112d06737e52dd7aaf2ebae29510
-
Size
775KB
-
Sample
240315-q43fxshh9t
-
MD5
d07a6feeefd44db942a5cf4c78500324
-
SHA1
6c72f681191ba91e1d4886d64fa82b37d63dae3a
-
SHA256
f952ef4c3e3725f4658be9a8151d4c180ac7112d06737e52dd7aaf2ebae29510
-
SHA512
bec2395bcb722564028f7334548e69480856bf12cf6185bfe2bbf88bd477ff5a3bc413240496b2b67cd15971dcf97e2b0d1bde725e5fe673b5a0eaa7f2895a8c
-
SSDEEP
24576:TCsD9+OXLpMePfI8TgmBTCDqEbOpPtpFhh4xfq:5cOXLpMePfzVTCD7gPtLhhofq
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\u5AQ5jfO_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .bDbcCBBAAe
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MjMzOC1sdEg3cEI5R2w1Q3Z1WmxqUThUUERpRUVnMHBkN1RYUmw2Ymt2VnRkRzluNkcrNDR3VmdEUm0raUdQSGxuVzk4dGpoZnRZWjhPeGlKak4zWmFWM2MwZHExaEFDUVk1bjdXNFpTS3JJNjNNWHY5djBKRVBXTGQzT0xMZVRzK3BzZ3lUNlBrQnJuQ0tmK21xa2VJNGFlK0dob3lhWnhlSVg3UEJDcWNJSGQ3Vm84MWNHUk53RHFwTnZMUS8vK3NpOTUvRTdkNUF6ZDdwSUk4eVEvWWI5Ly9kNTdiRVpCRDlLK0RPRnM3aGs3TDBNMEZFQU5YUFVGRHZLcXR2NFZnRGtvRzB5N21GYzBYNE9YQVZOQ29mVndDQlZLMnhhUTBseVMxcnpGcmppVmNPK0UrR1VnNjRqVlBoeTFLa08wNkMrcFZlYnk0aXhobzBQRm1Vbm9Nbnl5YUVaK0w4d0dGbTE3NllET1B6M1dneDd4dU9yek1yL3JxT3ZJRVRzNVo1MlZiOG5lcURZYXkxajVxUzJrc21qV2ZHMnY5T3RCWVpTSElDRGpEK1YvTjl1OXg2eXl2T2Z5UC9CS051SGFBZExmOHErYWR2T2JtN3NUMThGTzZWczZqYkhFN3NscmdJeVA2MUl4aXBKVlFGTS9zRVcrSTh2dEsyUU95TU9QSlUvMlFuNElTNS9BSnM3N1JzcUVPQTBXdDVLVlhhamtpYk5odUtCeWx6WEdxZUExYXptSk90YnUwdmhDQzh0UnhPaFlwK1N6Zkd2UUs5R1EvZElzL2RvWi9ONEVYeGM2b3cwelQ1V0RVQWtXQlBXK3daS1V2S2phZE02eXNjTWJQZTY2dStkVjRRZ0V5MlRlU0NjR3BtQVoyNzlrRWxETkcxanloV1VNZVF0MlVtbDJ2NHVMRlc1QlFCZ21LWFNhNEFnWHlPY0Fodzh6aFc5RUhscGRxU253a2czdTlNeVJnMzdURjVIRDI2a0hYaHl1anpVUjcwalFMWGJlWXN2bFNBZjJ5NXp1OVhldmdLUjNOa3AzMnR2WjJhVGlJUFhPSzU0cmVqOGFseGthYVk1cm5xSUgwYjdkQWVWVU9SK2o5Wm1DZnlKY0laU09aT0JtNWVSWmJ3L3l1SW82Q1RMZmVHcllveDBhTy9KcUFvWjA2SkZUaFBhM3RWYTU2M3JCc3paOTlka3NSMS9JOXpLUmtEeWNobUs5OXVwS1NlelcrbTJ4VUphV3Nkd1BFSWE4QWQwV3ZPVWJudW5xalV4SXVuTzROYXFCY1BtWG5KTnk0VzFGT2plYTZNUEdoRTFzenRpci9nclM5bHFlSUNQT1Z5ZmVOeFdFdmM1VjdISVdLNlZZZld5QmtXZ1dHb2RLWCt4NVpENGlxQ2R5aFFnTkNMMUR6dWhvK1k0Q1owbmJTN01ONFNmb2RzY0hZcCt2Vm1vemlNNGtTUEtIbHBVaHBxdmhxTGJTMjF3S213TmJxKzR5M2JldytXYzV4V3JqRDkwM3F3cWlubFRCVjVJTm04TVJURWRlQnR6M1gzZjdJbVVmc3pyN2VsQkVDci9oa3NJL3pXU1NGVTl5UFN6dkppK3h4RVN4Tms0VDRHZmlEdnUvMEljRnJkdGwxanhrYWwrWXNQSnh2ei9NZ0tKQ1UrUWViMzF0VW9JRGxPbHBuU0dCN204UXRsQjdpTWtodmJnOTZjOHZ4TUFLV2VuOXZod0VBUHYrb2E2N1JGVXNqVHcxWjVCNVNwRTB2cGtXVDU0dUh3TzVMaHcxdVcvU0lDbEt3aGlFM3pMYlVqR2xFWEQvUDBkdWswb0NJQlV1dlFmd3BZdUdENkpnNlRBd3RmdUNpSHRmTWRQUVcvbnVlZGZzdEhJVHRQRXVyakIrYkEyK1kxY0ZWdTRLUUM5Vk5SY2FURHViSTkzbjlzT1BkUnhUWW1TeW1Wc0hqSXkzOHREeTgzei9KOTFnbzJKVUYyc3BmTXcxUmRiMFF0SUNUSW8wQjB2YmhXNkp5TjdLRkhJMEI2UTN3QVJkcVp0aVZtMStsZEZuVW13UzR0SUNHdWdzNkw2QUd2b2NrY3ozODQwVjJXWGI2ckxHTVRwQTd3QXMrT1Q2NmR2blJDS2wwL3pLWDNUUDB2eXpCVWphK1F3cFk1NmNRdz09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
bg89Z1GeX8Br
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Downloads\u5AQ5jfO_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .bDbcCBBAAe
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MjMzOC1sdEg3cEI5R2w1Q3Z1WmxqUThUUERpRUVnMHBkN1RYUmw2Ymt2VnRkRzluNkcrNDR3VmdEUm0raUdQSGxuVzk4dGpoZnRZWjhPeGlKak4zWmFWM2MwZHExaEFDUVk1bjdXNFpTS3JJNjNNWHY5djBKRVBXTGQzT0xMZVRzK3BzZ3lUNlBrQnJuQ0tmK21xa2VJNGFlK0dob3lhWnhlSVg3UEJDcWNJSGQ3Vm84MWNHUk53RHFwTnZMUS8vK3NpOTUvRTdkNUF6ZDdwSUk4eVEvWWI5Ly9kNTdiRVpCRDlLK0RPRnM3aGs3TDBNMEZFQU5YUFVGRHZLcXR2NFZnRGtvRzB5N21GYzBYNE9YQVZOQ29mVndDQlZLMnhhUTBseVMxcnpGcmppVmNPK0UrR1VnNjRqVlBoeTFLa08wNkMrcFZlYnk0aXhobzBQRm1Vbm9Nbnl5YUVaK0w4d0dGbTE3NllET1B6M1dneDd4dU9yek1yL3JxT3ZJRVRzNVo1MlZiOG5lcURZYXkxajVxUzJrc21qV2ZHMnY5T3RCWVpTSElDRGpEK1YvTjl1OXg2eXl2T2Z5UC9CS051SGFBZExmOHErYWR2T2JtN3NUMThGTzZWczZqYkhFN3NscmdJeVA2MUl4aXBKVlFGTS9zRVcrSTh2dEsyUU95TU9QSlUvMlFuNElTNS9BSnM3N1JzcUVPQTBXdDVLVlhhamtpYk5odUtCeWx6WEdxZUExYXptSk90YnUwdmhDQzh0UnhPaFlwK1N6Zkd2UUs5R1EvZElzL2RvWi9ONEVYeGM2b3cwelQ1V0RVQWtXQlBXK3daS1V2S2phZE02eXNjTWJQZTY2dStkVjRRZ0V5MlRlU0NjR3BtQVoyNzlrRWxETkcxanloV1VNZVF0MlVtbDJ2NHVMRlc1QlFCZ21LWFNhNEFnWHlPY0Fodzh6aFc5RUhscGRxU253a2czdTlNeVJnMzdURjVIRDI2a0hYaHl1anpVUjcwalFMWGJlWXN2bFNBZjJ5NXp1OVhldmdLUjNOa3AzMnR2WjJhVGlJUFhPSzU0cmVqOGFseGthYVk1cm5xSUgwYjdkQWVWVU9SK2o5Wm1DZnlKY0laU09aT0JtNWVSWmJ3L3l1SW82Q1RMZmVHcllveDBhTy9KcUFvWjA2SkZUaFBhM3RWYTU2M3JCc3paOTlka3NSMS9JOXpLUmtEeWNobUs5OXVwS1NlelcrbTJ4VUphV3Nkd1BFSWE4QWQwV3ZPVWJudW5xalV4SXVuTzROYXFCY1BtWG5KTnk0VzFGT2plYTZNUEdoRTFzenRpci9nclM5bHFlSUNQT1Z5ZmVOeFdFdmM1VjdISVdLNlZZZld5QmtXZ1dHb2RLWCt4NVpENGlxQ2R5aFFnTkNMMUR6dWhvK1k0Q1owbmJTN01ONFNmb2RzY0hZcCt2Vm1vemlNNGtTUEtIbHBVaHBxdmhxTGJTMjF3S213TmJxKzR5M2JldytXYzV4V3JqRDkwM3F3cWlubFRCVjVJTm04TVJURWRlQnR6M1gzZjdJbVVmc3pyN2VsQkVDci9oa3NJL3pXU1NGVTl5UFN6dkppK3h4RVN4Tms0VDRHZmlEdnUvMEljRnJkdGwxanhrYWwrWXNQSnh2ei9NZ0tKQ1UrUWViMzF0VW9JRGxPbHBuU0dCN204UXRsQjdpTWtodmJnOTZjOHZ4TUFLV2VuOXZod0VBUHYrb2E2N1JGVXNqVHcxWjVCNVNwRTB2cGtXVDU0dUh3TzVMaHcxdVcvU0lDbEt3aGlFM3pMYlVqR2xFWEQvUDBkdWswb0NJQlV1dlFmd3BZdUdENkpnNlRBd3RmdUNpSHRmTWRQUVcvbnVlZGZzdEhJVHRQRXVyakIrYkEyK1kxY0ZWdTRLUUM5Vk5SY2FURHViSTkzbjlzT1BkUnhUWW1TeW1Wc0hqSXkzOHREeTgzei9KOTFnbzJKVUYyc3BmTXcxUmRiMFF0SUNUSW8wQjB2YmhXNkp5TjdLRkhJMEI2UTN3QVJkcVp0aVZtMStsZEZuVW13UzR0SUNHdWdzNkw2QUd2b2NrY3ozODQwVjJXWGI2ckxHTVRwQTd3QXMrT1Q2NmR2blJDS2wwL3pLWDNUUDB2eXpCVWphK1F3cFk1NmNRdz09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
yokWuD3yNktP8kt
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Pictures\u5AQ5jfO_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .bDbcCBBAAe
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MjMzOC1sdEg3cEI5R2w1Q3Z1WmxqUThUUERpRUVnMHBkN1RYUmw2Ymt2VnRkRzluNkcrNDR3VmdEUm0raUdQSGxuVzk4dGpoZnRZWjhPeGlKak4zWmFWM2MwZHExaEFDUVk1bjdXNFpTS3JJNjNNWHY5djBKRVBXTGQzT0xMZVRzK3BzZ3lUNlBrQnJuQ0tmK21xa2VJNGFlK0dob3lhWnhlSVg3UEJDcWNJSGQ3Vm84MWNHUk53RHFwTnZMUS8vK3NpOTUvRTdkNUF6ZDdwSUk4eVEvWWI5Ly9kNTdiRVpCRDlLK0RPRnM3aGs3TDBNMEZFQU5YUFVGRHZLcXR2NFZnRGtvRzB5N21GYzBYNE9YQVZOQ29mVndDQlZLMnhhUTBseVMxcnpGcmppVmNPK0UrR1VnNjRqVlBoeTFLa08wNkMrcFZlYnk0aXhobzBQRm1Vbm9Nbnl5YUVaK0w4d0dGbTE3NllET1B6M1dneDd4dU9yek1yL3JxT3ZJRVRzNVo1MlZiOG5lcURZYXkxajVxUzJrc21qV2ZHMnY5T3RCWVpTSElDRGpEK1YvTjl1OXg2eXl2T2Z5UC9CS051SGFBZExmOHErYWR2T2JtN3NUMThGTzZWczZqYkhFN3NscmdJeVA2MUl4aXBKVlFGTS9zRVcrSTh2dEsyUU95TU9QSlUvMlFuNElTNS9BSnM3N1JzcUVPQTBXdDVLVlhhamtpYk5odUtCeWx6WEdxZUExYXptSk90YnUwdmhDQzh0UnhPaFlwK1N6Zkd2UUs5R1EvZElzL2RvWi9ONEVYeGM2b3cwelQ1V0RVQWtXQlBXK3daS1V2S2phZE02eXNjTWJQZTY2dStkVjRRZ0V5MlRlU0NjR3BtQVoyNzlrRWxETkcxanloV1VNZVF0MlVtbDJ2NHVMRlc1QlFCZ21LWFNhNEFnWHlPY0Fodzh6aFc5RUhscGRxU253a2czdTlNeVJnMzdURjVIRDI2a0hYaHl1anpVUjcwalFMWGJlWXN2bFNBZjJ5NXp1OVhldmdLUjNOa3AzMnR2WjJhVGlJUFhPSzU0cmVqOGFseGthYVk1cm5xSUgwYjdkQWVWVU9SK2o5Wm1DZnlKY0laU09aT0JtNWVSWmJ3L3l1SW82Q1RMZmVHcllveDBhTy9KcUFvWjA2SkZUaFBhM3RWYTU2M3JCc3paOTlka3NSMS9JOXpLUmtEeWNobUs5OXVwS1NlelcrbTJ4VUphV3Nkd1BFSWE4QWQwV3ZPVWJudW5xalV4SXVuTzROYXFCY1BtWG5KTnk0VzFGT2plYTZNUEdoRTFzenRpci9nclM5bHFlSUNQT1Z5ZmVOeFdFdmM1VjdISVdLNlZZZld5QmtXZ1dHb2RLWCt4NVpENGlxQ2R5aFFnTkNMMUR6dWhvK1k0Q1owbmJTN01ONFNmb2RzY0hZcCt2Vm1vemlNNGtTUEtIbHBVaHBxdmhxTGJTMjF3S213TmJxKzR5M2JldytXYzV4V3JqRDkwM3F3cWlubFRCVjVJTm04TVJURWRlQnR6M1gzZjdJbVVmc3pyN2VsQkVDci9oa3NJL3pXU1NGVTl5UFN6dkppK3h4RVN4Tms0VDRHZmlEdnUvMEljRnJkdGwxanhrYWwrWXNQSnh2ei9NZ0tKQ1UrUWViMzF0VW9JRGxPbHBuU0dCN204UXRsQjdpTWtodmJnOTZjOHZ4TUFLV2VuOXZod0VBUHYrb2E2N1JGVXNqVHcxWjVCNVNwRTB2cGtXVDU0dUh3TzVMaHcxdVcvU0lDbEt3aGlFM3pMYlVqR2xFWEQvUDBkdWswb0NJQlV1dlFmd3BZdUdENkpnNlRBd3RmdUNpSHRmTWRQUVcvbnVlZGZzdEhJVHRQRXVyakIrYkEyK1kxY0ZWdTRLUUM5Vk5SY2FURHViSTkzbjlzT1BkUnhUWW1TeW1Wc0hqSXkzOHREeTgzei9KOTFnbzJKVUYyc3BmTXcxUmRiMFF0SUNUSW8wQjB2YmhXNkp5TjdLRkhJMEI2UTN3QVJkcVp0aVZtMStsZEZuVW13UzR0SUNHdWdzNkw2QUd2b2NrY3ozODQwVjJXWGI2ckxHTVRwQTd3QXMrT1Q2NmR2blJDS2wwL3pLWDNUUDB2eXpCVWphK1F3cFk1NmNRdz09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
KRLsFQpljNby0gXIrx
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Desktop\lM3Hb2_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .bEADAbeedc
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MjMzOC0vN29vSkVuY2hEaUh6b1ZxWTdkYllWVHcyejJPazNYejhBMjVuUjBHYnRIWitNK2w2WWpNNnh4QUpreW02U2NuZU5tUzNTWVV3dmNyZ2hNU1IzWmNsaUl5cy83MDduWS95ZWhyVWUrRkVQekF1Y0xSZ3FOcFovWXY0SFNFbkJvenBtaUliOVBpQlh0QmVmMk1xcTkyRUhVNGZFOWdZMGFncFhQb2Z0R2N0S2h4Y01qVGxScUlnRUJGZ3REN1Qzay91ZHhxT3dYc0U1SGU0ZUlld2Y3TW83TVJYR0dZcHdWMDZPY3VlcGhpK1dENEFPdDhhMHp6NERSOXN0NTFNUVlZNUhQOGNqVUlmTkZPUncwdHFQbk4vOGZseVpLNWJoUUtBUlkyekRvOXEzaFc2RVhpU25JYWdHN1ZIVEVOOHdBNXlURUF4d3pWdGF3SUlYMXZTTkpyY0c4bnBoc25hQko5Y2dSTDd1RExjY05ka2NZRUtJQUtFT3BUUzRCcUI0RUxYelZXcTFSMld3SU5vR0U3WG44OXRqZ05xVkx0aDRJVnA1VzRUd0hnMlVZQWNnanNDQ1cwdG55Mnlmd1VLMTNXUmZzMjZFSEFlREJhNDVnSjdTTU1nTEZtc3ROMEVRZnlrd0JtenJSUmhINi9hR2Rmbm5udmtIK2ppN2ZtV0VteUlWSVFFbGhUZjQ5UXNZNEpvZCtZVnNvOWVnWjIveWhEcTNvbDEvTU01YWtweGdDUjVDSWFPQzVsV20wS0V3Nk9EeTdOb1B5WS9FS1R4TkQrYy96bXpJZGxLOHRPMi9hZExqbGVPeWxkWXhLOG41VStmZlZTUTllVGM5RzZxZmtvdXI5ZUJXakV4dVdMbkpHWXJtQUpGYTVld2d4bGUzRXNIbU12Q1dlMjFzNFJVZE1JbTV4aytsZXc5dmF4bC9JaHVXWldXQVFWNmV3MFFXa3FVbTNLbjdHSWlsMCtWS2YySGlyMzRLUTZTcTRBcmRLZS9neDJ3d2lOb0NZdEtQdTJERUdieXgyb1RscUdyc1o0L0tqQmJVeUVIY1BvRWhwK2sxWHR2TkJxenEzVHdUT3lTK2dNNzRYMnYwOTMxWWM5Z1k5ckpTNjk3RWVTN0VjR2R0L2RZNnM3TFFRem9TWktibVJENkFZNkR0Zk9ITi8rR0VnVjlGeEI0OG04QVZDbzZIMlpsbkJ5b3ZRSWNrZlpXSzZpTENOMkRtekU4Snc2a2puOFh4MHJQd2Z5S0NkR1N4MS9FUnlKVWlqTkVkZXVsSS83Qkd2RGlRdFlJY0svVG9TcHJFUHZrZEFwdDZKeTlXRVNrWGl4R3RFRnBvWjFGeFdpNEhaejdGZmpGVnhJNFJjYWpBUEZUVmZrVFdkbmxDKy9lcUl1LzNNL2xvSzkwOGVRbEZSTFFwREJJaWgyRFovWE9HbFVHTDQvUjhVZjRQMzZKMmtDMUoxZURFTFpwTW1tQTlCeFRFVW13ZW56azBVOUVxRTJHM3pXbmxSTVkrOTNPNHlxRlhINVB3eDZDT09LVTMwVTh5QndmRENCaVkwRTBWRlZwc0V5SklXYis5UVhqNVc1SVRiL0V6VU0zOVc4K2tTWHdrRDBKRUhjVklnOTIzcXpzTEVjWHd2VlVNcEF1Wk45SUx3ODVSNzYyZXdMZk9aeU5kQUJCRXA4aU1rNzNacTlqQVNtLzVsbWp5WmZpV2l6Y1JtelhYemdCcy9mOTJPNmMvSU41Wnk2ckhDeEt1a0JYT2VZMTdtV2hySkp4TUhITEIzaVVEN1B5cStmaFlEOEtkcWF3VURsN3RDY2FtMVlLMTZtSG5ubitPR0NSOUdmUFJCa094Q1JrYXorYmhlM05xdnhLUGtKU1JJbStsYWFnUFhmK0hQckE5MXoyd0g3d3ZpZjZ6ZWJ2bHlrb2d1SFczcXhYMThXSERMeS84dm9OZjhmOTZEcHRIMldaMzVWeTNNTGtGUDJtWkJaZE1RRGtCNWZYbWdWRUlTVkFOejRhOUFiMFdFS2lBUGluMUFRbjNuYVN3ZmNPY2F5eThXRm9uOXYreVgxSVBGZzdCeG9MNS83dUdwNm80eE51UmF1NmFxRWNuNTFBZ21uMkJjU2tQSmFlcGorWHQraXF2aStMMTB6OUtSZXN1M25QQT09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
hKyDPK6G
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Targets
-
-
Target
f952ef4c3e3725f4658be9a8151d4c180ac7112d06737e52dd7aaf2ebae29510
-
Size
775KB
-
MD5
d07a6feeefd44db942a5cf4c78500324
-
SHA1
6c72f681191ba91e1d4886d64fa82b37d63dae3a
-
SHA256
f952ef4c3e3725f4658be9a8151d4c180ac7112d06737e52dd7aaf2ebae29510
-
SHA512
bec2395bcb722564028f7334548e69480856bf12cf6185bfe2bbf88bd477ff5a3bc413240496b2b67cd15971dcf97e2b0d1bde725e5fe673b5a0eaa7f2895a8c
-
SSDEEP
24576:TCsD9+OXLpMePfI8TgmBTCDqEbOpPtpFhh4xfq:5cOXLpMePfzVTCD7gPtLhhofq
Score10/10-
Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
-
Avaddon payload
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
UAC bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (189) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
2File Deletion
2Modify Registry
2