avaddon

Sharing

Copy URL

Twitter E-mail

General

Target

33d390c351632b45a20a8a9939ef5794fcc2bb52b02201aa54de31b7f7bc396e
Size

775KB
Sample

240315-qnnylahc5t
MD5

66ef4802ece3a0d62cab8be7d6065c8d
SHA1

bf9bf0b3242ffb55726d8886480b23fc60b756c2
SHA256

33d390c351632b45a20a8a9939ef5794fcc2bb52b02201aa54de31b7f7bc396e
SHA512

84f3122608910846ea3b9c23170a2dd371b7f14e63362f5082a8d1dde154911b68e75c05f947e594333d7bdad455e67e4b43cd79afbd4d8f6d6361a53ef6427c
SSDEEP

24576:+Csl9+OXLpMePfI8TgmBTCDqEbOpPtpFa8xfq:Y+OXLpMePfzVTCD7gPtLaUfq

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\l0GqT_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .BcBcCDeDEC You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTcyOC0yN3RycE5hUFMyU25LNllyZkQwWDdrdXhYaThoR24wNlhDcjJTV0xqZ25yS3UwdmdtamV4VlR2UmUvRnlPejZwVlZiZDBUNDVYNE4xaHRZOFRDVWRmSkxML0M2OGE2T1JnSHc4WUtoZWZGREVqRllURXZGYTNXOWorMUdWZElHeU50LzRsbFRoSTQ2MjZ3RGJaaFhtbytzNnhxU1dLbnhaM0F4TXhKTnhQVXVRUkZmMlBFMTYvdzVtK01Ca1BxL05lV0hMUE5BZkxrTTJEbE5uNjBxcUhGeHZlVVJxdHRuRWJtSHM0RitHcTdsTTF6TGtOSmFhYmpUV1VRaXhIaVpUU015MVNFNkxsbGNwU0pSRm1kWENoZE93U1ZxTVY1MzRGVlFZNGNWdDM3YzF1b2Z6NVNNeWExL2EwK1dTb3RoRTdtb2JmVFZ5OVE5RjMyOXBWdTI5RDF5Ykc4bFlBQ0NaQWJSOUd5azVON0dEUG9SSjUwSXdxcENHQlUwMFVDWnMxbkZkSUkwQ04vMWlEbyswaTVsOEhvRTFaVG1tKzVGNVdKdGtIRXFQQ3FLbnI3OUx0Y1hPWlZObk95MzFHVVF1SjVmUXdGbDdEa2dCY043VzZvY254TzV6aWh2NEt0Sm41UjUvcEU5OUhvQzRuaDBSRjVwY1c0QlAvd0ZpS1gzSmVrMWcxaDRsaTJlSzFieC9EMjVrMFIrYnc3VTZ0M1VtM1pYV3ZaTjVNSmYvRGh5WDNMNW5ZRjFZYnJudTZoanVvd3IxaWlhT2hSZDBwcjcvTk5vY0tBVVNML0V6cVpkZm1NOEJrMjRSSVlydTAyTkU3WlBObEl5bjUxR2hpblB5SHdTUFo4K1YxMkQ2aWwxSmJMR25oeTFTUzhIQnlYbUYxenJFRzdsa1RlU2p3SnN5SUxTSFlGemZGQnh5Vnd4WmNWTkVTa0RyQjRIckd2TmJyZmE4NDl5alI5dnZrdVlWeUN1TnI4ZytDWUFDMkV4VkZSRER2M3lMV3VCTEJxajlwbE1jTWs1ZXdXa3p6RTl3SGpvK1AwdGs1T2J2TXJWb21RdHNGbmUrd0tndU00Y1hyNkRpRy95ZUk5aXllMTZ3dUo3R3UrWGo1TWh1OFVIZ3d4Ym04ZFZXSjh0aTBYL2Zsbm1XUUVxOUF5Y2ZxQnl2OGZlQjhHOG92YThLZ2hnNzdBR2d2Wk9MSzBxbW1QdDhCdklyZ2oyb3cxNWdEYUpwTVpxVHlKNXhqSVY4eHdMY3pXdmdBQ3RqSWpwVmJLeEp2M2Z2YXZQcXNVZ3I4eHRZQjBtN0ErMWRoODNJWEt3eFBYeThlUjN5bnYzUjErM21lbktZaXpCRU43NGFQMFpYR3VYcW1ydTE0clp5TnhRNi9jbm4yZzBUQ3dmMTF4T0MyY0QzNkJXZ25vc0VabDk3TUJPaDJzMnk5aWM4eXBsaFJrN0lSOVVQT0NMaVNFSWlyRGVhVWJVY3pJdkpQT3JHSVFDclY4T0t6cTdsUEc3QmF0d0RjRk9ycXFyd1Fua0Fya0ZrMXBtR0prVDNZOWRGL2poV09zdmFwUk4rdktVVE9FZ215emFsc3N0enJnNUYrWFZwdnVKTjQ1cGhCZTdBUVp1ZHpCak93Z0EzdlFZcXNKNnB6SGRHVktVVXBxME0zdU5DN1Vaek1EK0Z3NjlSSzJFa3BxQ3M1bENJZ0dYMzh5bFBwUjFYd3JQYmNTMHd3aVBhS3FsdU5rTGVPYnhkancwTXE1R25XUXdPL2x3VVVYelV5S1ZuMmhMcU16dXNHTzBTaVM2NE96Uy8vbllhNVN2YnpTL09jRnFVNnlpb2MvOEZTU2JGSVdkdkVRNDVaRlRiOG9BS3lvWEg3US9VK2Jvd3Z5K1BNSkg4cjJwWHNTUEpqS1QwQWt6c0h1THdXRVlSUEM3QW5wSHErRFM4NytMSndFYmFTbVVDWVFnaWdCRktvdW5BV2w1aEMwa3RvZ0dWeS9RYXNLQzhQSVpMWnNqRmk3akc3bU5iYmp5QVZFeG9pbGdLV0dZRVFsdFpLNHUrZzd6WjR2QXQ1anNLSnVnNEhnT3N0T0ZCTW96ejNQTUxLVVhwWWlMd0JCTEpBYnJDeUZoTktPUW03KzYwcEJ4Qzlsa3ZYSW1jWDRxc2VEVjlXdz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * 8csDonvSgbT

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Downloads\l0GqT_readme_.txt

Family

avaddon

Ransom Note

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Desktop\uxO27_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .CBeCbdDDbb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTcyOC10TUo0VzFoNkpCQk1tOW1TdnJWUVlCNThYaTlpVytRcnhPVmFJYzE0b3pKeVp6bno5Q0FGRVk4UDF3aVFXVmp6RDRwSktCSEJhNlRmNU5tU200TXVDVjFnT2YwdWZGOEdnN041TFE3aWJ3eHlSS1FzdXRoMTlqelkyRmNMWTJKN0o0RGMxZ3ZINHFHcTNXNk1ZVk5qVWtQNzFWSDE1K3JRMjJvR000OHpnelUvaGlFOFFLZWFEalFIaVY5RldtLzFPcWFPcFMvRWZHODExUTF6aHc1MTNWZTV0UHJBeC84dVdzS09DdHRWQjFJT2ZpRGlueDgwem1TaTRnczVOQzNFMXdIVmVSenFmOGdVNDYwcGRqcklETlZFaVp5ak5Dbk1PcE02MXl4N3dIZFNRZDFFRWxCSWl6NW1WNlMwUHI1UXgzMEdodkdkczdTQnByVmo5SUhtcFcrWGxNOW5WQk1aTUdNY2FiRGJ6SjM2VUR2Nm9hNytGWWNnQW1aUmJiTm9yb1cxbDR2eWZ4RC9oZHJLNVBIUXlJUlpzb3FVUWZtempiRHE3dnVTSG8wZEp0ZjFPVnR5bFloVVd3WVBodkdIbEZwbWEzdDBhbzFzaTRZVVB6Q085cDMycnZXRFAyNEd2c1hFSHFDREV4Z1FneTFTQktjeCs4TkRvWDdrTy9iZkZKcXZpUUpIWFFXV2FsMlM4RmVTOEJDWkU4cVB0Nk1mYVRyaGZVTUJ2MVJrdWdabnJBV0JrZDJuRlBiOFVzUzhBRWNONCtvOEwvRUNxSGJsbUQwOXUySUNYSXR1d0JmMy9sUnl0SFZxclN2SHlTRTNLVkdrZXYyZTRybUdlM2o1RFBCSnF6eE45dG5XbVVoQXdVRTdBMWlXYnlXQllDYitSZmVPUXdIQ051TXRJb3FJZzRRRW9lblA4OU41MHRhWGEyT0VRZzhCZmVtZmtKdzg0M0F1Sk5TdEtjN1NUSi95ODJLcTdnOHRUNzdNVjRMT01kM0doSi9XY2FBenlxRlhuZmE4Ymc0YjBrcUk1cVVSYTEydURKRWRmV05YYWVqQm5PVHppd2R4UXRQZ3d3Y2xIWVdNV2lQZGQyVG05R0RjZ2JUdktZRjlsTVZudnpMaENJTGF4d1Z4UVB1d01Vei9zc2ZONThXUExjK3FEaytKeVptcXlOZUxBdW9QWWp3cFRCdmRLaFd0YVl1UTVLU1N6eXVJcDc5cHh4b0FBSUtwUS9TS0dSbTlFZktzU2JjRW1jTHAxYUdjWHFtVE1JcUZDZE84M1lCampkU1JtaUVxc3V6Qk9YTVFoamRUUGdOSi9wVkk1T3M5aGwxcGNrVE55enZHVW8yZXpyWm1IbHpLcHB4QXBoTzFUbkxPOVM2V2VJOGlLRHM3TlF1SE01MFRUdmlxdTBsY3lPaFgxZXltbS9xY2lac1E0dll5Ym1ZWitOb2R4blFtT0c1eWkzS3drQ0htYWtOczZ5NVVKWGRSazRyYW85Ri9TMm81WlBmd1BLQmhwYW9wWGJwcCs4a1cwOXNYNXNNbHlHeVc5OVVnbkQ3KzU0cmxKWHZYYlVUemhqUklsTkdyVG45bTBTZmpnN25EQmVaKzhyMmlENlZHSlJGbmhJY21pNnkyWjBmU1pnLzJrNFV5Mm9jZHl6ZVBkZkFoSDA5OG1MRFV3UlMvWG9OdWZFQ1d5ZmZMNGRQSWIvQzdaQzV0aXJoc3N5RWNSMGRyWkF0cnpQUGxOOXVLUXpwalY3WXZVSGZQN1dyelNSMXNsMXhmSm1OZXNvQitTNFVPNFExblIrdHZCeHEyQkRucmlqamd4MENBQkl5U2tpMEFXbFNFWjFLZzlhR3VrZ05qV3pFcnlzdXlseEpMZWQ1U1BLdU4wZFQzdjJ1TGpsZkZtbnRnMm5uU0Qxd0UrNjhScEx5QlFOWWR1UW4vVTR6MytFOTcxS2dUNGc1RHVlb1JjVitMQkloM04rR01tQXRQWHgvcTRHZ1lWTlA4YTRhMVNudy9KOENoWkw1dWJteDl2cXRsdHJiQVZjUll3ZThBR3V2SG5VQk5xNm9zTnVPNWd3TlVKeXNkYmxNb281RXRyblpSVU1WUWhjRnlTRGMyUVVvRVZFWGVWTW1VNWRYVDNOK3hmRWRLb0RQWTNDdW5uZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * NgNYmsP7wsPUclfkGleyJNk

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Documents\uxO27_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .CBeCbdDDbb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTcyOC10TUo0VzFoNkpCQk1tOW1TdnJWUVlCNThYaTlpVytRcnhPVmFJYzE0b3pKeVp6bno5Q0FGRVk4UDF3aVFXVmp6RDRwSktCSEJhNlRmNU5tU200TXVDVjFnT2YwdWZGOEdnN041TFE3aWJ3eHlSS1FzdXRoMTlqelkyRmNMWTJKN0o0RGMxZ3ZINHFHcTNXNk1ZVk5qVWtQNzFWSDE1K3JRMjJvR000OHpnelUvaGlFOFFLZWFEalFIaVY5RldtLzFPcWFPcFMvRWZHODExUTF6aHc1MTNWZTV0UHJBeC84dVdzS09DdHRWQjFJT2ZpRGlueDgwem1TaTRnczVOQzNFMXdIVmVSenFmOGdVNDYwcGRqcklETlZFaVp5ak5Dbk1PcE02MXl4N3dIZFNRZDFFRWxCSWl6NW1WNlMwUHI1UXgzMEdodkdkczdTQnByVmo5SUhtcFcrWGxNOW5WQk1aTUdNY2FiRGJ6SjM2VUR2Nm9hNytGWWNnQW1aUmJiTm9yb1cxbDR2eWZ4RC9oZHJLNVBIUXlJUlpzb3FVUWZtempiRHE3dnVTSG8wZEp0ZjFPVnR5bFloVVd3WVBodkdIbEZwbWEzdDBhbzFzaTRZVVB6Q085cDMycnZXRFAyNEd2c1hFSHFDREV4Z1FneTFTQktjeCs4TkRvWDdrTy9iZkZKcXZpUUpIWFFXV2FsMlM4RmVTOEJDWkU4cVB0Nk1mYVRyaGZVTUJ2MVJrdWdabnJBV0JrZDJuRlBiOFVzUzhBRWNONCtvOEwvRUNxSGJsbUQwOXUySUNYSXR1d0JmMy9sUnl0SFZxclN2SHlTRTNLVkdrZXYyZTRybUdlM2o1RFBCSnF6eE45dG5XbVVoQXdVRTdBMWlXYnlXQllDYitSZmVPUXdIQ051TXRJb3FJZzRRRW9lblA4OU41MHRhWGEyT0VRZzhCZmVtZmtKdzg0M0F1Sk5TdEtjN1NUSi95ODJLcTdnOHRUNzdNVjRMT01kM0doSi9XY2FBenlxRlhuZmE4Ymc0YjBrcUk1cVVSYTEydURKRWRmV05YYWVqQm5PVHppd2R4UXRQZ3d3Y2xIWVdNV2lQZGQyVG05R0RjZ2JUdktZRjlsTVZudnpMaENJTGF4d1Z4UVB1d01Vei9zc2ZONThXUExjK3FEaytKeVptcXlOZUxBdW9QWWp3cFRCdmRLaFd0YVl1UTVLU1N6eXVJcDc5cHh4b0FBSUtwUS9TS0dSbTlFZktzU2JjRW1jTHAxYUdjWHFtVE1JcUZDZE84M1lCampkU1JtaUVxc3V6Qk9YTVFoamRUUGdOSi9wVkk1T3M5aGwxcGNrVE55enZHVW8yZXpyWm1IbHpLcHB4QXBoTzFUbkxPOVM2V2VJOGlLRHM3TlF1SE01MFRUdmlxdTBsY3lPaFgxZXltbS9xY2lac1E0dll5Ym1ZWitOb2R4blFtT0c1eWkzS3drQ0htYWtOczZ5NVVKWGRSazRyYW85Ri9TMm81WlBmd1BLQmhwYW9wWGJwcCs4a1cwOXNYNXNNbHlHeVc5OVVnbkQ3KzU0cmxKWHZYYlVUemhqUklsTkdyVG45bTBTZmpnN25EQmVaKzhyMmlENlZHSlJGbmhJY21pNnkyWjBmU1pnLzJrNFV5Mm9jZHl6ZVBkZkFoSDA5OG1MRFV3UlMvWG9OdWZFQ1d5ZmZMNGRQSWIvQzdaQzV0aXJoc3N5RWNSMGRyWkF0cnpQUGxOOXVLUXpwalY3WXZVSGZQN1dyelNSMXNsMXhmSm1OZXNvQitTNFVPNFExblIrdHZCeHEyQkRucmlqamd4MENBQkl5U2tpMEFXbFNFWjFLZzlhR3VrZ05qV3pFcnlzdXlseEpMZWQ1U1BLdU4wZFQzdjJ1TGpsZkZtbnRnMm5uU0Qxd0UrNjhScEx5QlFOWWR1UW4vVTR6MytFOTcxS2dUNGc1RHVlb1JjVitMQkloM04rR01tQXRQWHgvcTRHZ1lWTlA4YTRhMVNudy9KOENoWkw1dWJteDl2cXRsdHJiQVZjUll3ZThBR3V2SG5VQk5xNm9zTnVPNWd3TlVKeXNkYmxNb281RXRyblpSVU1WUWhjRnlTRGMyUVVvRVZFWGVWTW1VNWRYVDNOK3hmRWRLb0RQWTNDdW5uZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * kIyv64CQmU7ZUBJmRIY6U2s5uQ

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Music\uxO27_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .CBeCbdDDbb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTcyOC10TUo0VzFoNkpCQk1tOW1TdnJWUVlCNThYaTlpVytRcnhPVmFJYzE0b3pKeVp6bno5Q0FGRVk4UDF3aVFXVmp6RDRwSktCSEJhNlRmNU5tU200TXVDVjFnT2YwdWZGOEdnN041TFE3aWJ3eHlSS1FzdXRoMTlqelkyRmNMWTJKN0o0RGMxZ3ZINHFHcTNXNk1ZVk5qVWtQNzFWSDE1K3JRMjJvR000OHpnelUvaGlFOFFLZWFEalFIaVY5RldtLzFPcWFPcFMvRWZHODExUTF6aHc1MTNWZTV0UHJBeC84dVdzS09DdHRWQjFJT2ZpRGlueDgwem1TaTRnczVOQzNFMXdIVmVSenFmOGdVNDYwcGRqcklETlZFaVp5ak5Dbk1PcE02MXl4N3dIZFNRZDFFRWxCSWl6NW1WNlMwUHI1UXgzMEdodkdkczdTQnByVmo5SUhtcFcrWGxNOW5WQk1aTUdNY2FiRGJ6SjM2VUR2Nm9hNytGWWNnQW1aUmJiTm9yb1cxbDR2eWZ4RC9oZHJLNVBIUXlJUlpzb3FVUWZtempiRHE3dnVTSG8wZEp0ZjFPVnR5bFloVVd3WVBodkdIbEZwbWEzdDBhbzFzaTRZVVB6Q085cDMycnZXRFAyNEd2c1hFSHFDREV4Z1FneTFTQktjeCs4TkRvWDdrTy9iZkZKcXZpUUpIWFFXV2FsMlM4RmVTOEJDWkU4cVB0Nk1mYVRyaGZVTUJ2MVJrdWdabnJBV0JrZDJuRlBiOFVzUzhBRWNONCtvOEwvRUNxSGJsbUQwOXUySUNYSXR1d0JmMy9sUnl0SFZxclN2SHlTRTNLVkdrZXYyZTRybUdlM2o1RFBCSnF6eE45dG5XbVVoQXdVRTdBMWlXYnlXQllDYitSZmVPUXdIQ051TXRJb3FJZzRRRW9lblA4OU41MHRhWGEyT0VRZzhCZmVtZmtKdzg0M0F1Sk5TdEtjN1NUSi95ODJLcTdnOHRUNzdNVjRMT01kM0doSi9XY2FBenlxRlhuZmE4Ymc0YjBrcUk1cVVSYTEydURKRWRmV05YYWVqQm5PVHppd2R4UXRQZ3d3Y2xIWVdNV2lQZGQyVG05R0RjZ2JUdktZRjlsTVZudnpMaENJTGF4d1Z4UVB1d01Vei9zc2ZONThXUExjK3FEaytKeVptcXlOZUxBdW9QWWp3cFRCdmRLaFd0YVl1UTVLU1N6eXVJcDc5cHh4b0FBSUtwUS9TS0dSbTlFZktzU2JjRW1jTHAxYUdjWHFtVE1JcUZDZE84M1lCampkU1JtaUVxc3V6Qk9YTVFoamRUUGdOSi9wVkk1T3M5aGwxcGNrVE55enZHVW8yZXpyWm1IbHpLcHB4QXBoTzFUbkxPOVM2V2VJOGlLRHM3TlF1SE01MFRUdmlxdTBsY3lPaFgxZXltbS9xY2lac1E0dll5Ym1ZWitOb2R4blFtT0c1eWkzS3drQ0htYWtOczZ5NVVKWGRSazRyYW85Ri9TMm81WlBmd1BLQmhwYW9wWGJwcCs4a1cwOXNYNXNNbHlHeVc5OVVnbkQ3KzU0cmxKWHZYYlVUemhqUklsTkdyVG45bTBTZmpnN25EQmVaKzhyMmlENlZHSlJGbmhJY21pNnkyWjBmU1pnLzJrNFV5Mm9jZHl6ZVBkZkFoSDA5OG1MRFV3UlMvWG9OdWZFQ1d5ZmZMNGRQSWIvQzdaQzV0aXJoc3N5RWNSMGRyWkF0cnpQUGxOOXVLUXpwalY3WXZVSGZQN1dyelNSMXNsMXhmSm1OZXNvQitTNFVPNFExblIrdHZCeHEyQkRucmlqamd4MENBQkl5U2tpMEFXbFNFWjFLZzlhR3VrZ05qV3pFcnlzdXlseEpMZWQ1U1BLdU4wZFQzdjJ1TGpsZkZtbnRnMm5uU0Qxd0UrNjhScEx5QlFOWWR1UW4vVTR6MytFOTcxS2dUNGc1RHVlb1JjVitMQkloM04rR01tQXRQWHgvcTRHZ1lWTlA4YTRhMVNudy9KOENoWkw1dWJteDl2cXRsdHJiQVZjUll3ZThBR3V2SG5VQk5xNm9zTnVPNWd3TlVKeXNkYmxNb281RXRyblpSVU1WUWhjRnlTRGMyUVVvRVZFWGVWTW1VNWRYVDNOK3hmRWRLb0RQWTNDdW5uZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * aQ5lRHzEc6p8q7So6pzDBD1cH6spr

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\uxO27_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .CBeCbdDDbb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTcyOC10TUo0VzFoNkpCQk1tOW1TdnJWUVlCNThYaTlpVytRcnhPVmFJYzE0b3pKeVp6bno5Q0FGRVk4UDF3aVFXVmp6RDRwSktCSEJhNlRmNU5tU200TXVDVjFnT2YwdWZGOEdnN041TFE3aWJ3eHlSS1FzdXRoMTlqelkyRmNMWTJKN0o0RGMxZ3ZINHFHcTNXNk1ZVk5qVWtQNzFWSDE1K3JRMjJvR000OHpnelUvaGlFOFFLZWFEalFIaVY5RldtLzFPcWFPcFMvRWZHODExUTF6aHc1MTNWZTV0UHJBeC84dVdzS09DdHRWQjFJT2ZpRGlueDgwem1TaTRnczVOQzNFMXdIVmVSenFmOGdVNDYwcGRqcklETlZFaVp5ak5Dbk1PcE02MXl4N3dIZFNRZDFFRWxCSWl6NW1WNlMwUHI1UXgzMEdodkdkczdTQnByVmo5SUhtcFcrWGxNOW5WQk1aTUdNY2FiRGJ6SjM2VUR2Nm9hNytGWWNnQW1aUmJiTm9yb1cxbDR2eWZ4RC9oZHJLNVBIUXlJUlpzb3FVUWZtempiRHE3dnVTSG8wZEp0ZjFPVnR5bFloVVd3WVBodkdIbEZwbWEzdDBhbzFzaTRZVVB6Q085cDMycnZXRFAyNEd2c1hFSHFDREV4Z1FneTFTQktjeCs4TkRvWDdrTy9iZkZKcXZpUUpIWFFXV2FsMlM4RmVTOEJDWkU4cVB0Nk1mYVRyaGZVTUJ2MVJrdWdabnJBV0JrZDJuRlBiOFVzUzhBRWNONCtvOEwvRUNxSGJsbUQwOXUySUNYSXR1d0JmMy9sUnl0SFZxclN2SHlTRTNLVkdrZXYyZTRybUdlM2o1RFBCSnF6eE45dG5XbVVoQXdVRTdBMWlXYnlXQllDYitSZmVPUXdIQ051TXRJb3FJZzRRRW9lblA4OU41MHRhWGEyT0VRZzhCZmVtZmtKdzg0M0F1Sk5TdEtjN1NUSi95ODJLcTdnOHRUNzdNVjRMT01kM0doSi9XY2FBenlxRlhuZmE4Ymc0YjBrcUk1cVVSYTEydURKRWRmV05YYWVqQm5PVHppd2R4UXRQZ3d3Y2xIWVdNV2lQZGQyVG05R0RjZ2JUdktZRjlsTVZudnpMaENJTGF4d1Z4UVB1d01Vei9zc2ZONThXUExjK3FEaytKeVptcXlOZUxBdW9QWWp3cFRCdmRLaFd0YVl1UTVLU1N6eXVJcDc5cHh4b0FBSUtwUS9TS0dSbTlFZktzU2JjRW1jTHAxYUdjWHFtVE1JcUZDZE84M1lCampkU1JtaUVxc3V6Qk9YTVFoamRUUGdOSi9wVkk1T3M5aGwxcGNrVE55enZHVW8yZXpyWm1IbHpLcHB4QXBoTzFUbkxPOVM2V2VJOGlLRHM3TlF1SE01MFRUdmlxdTBsY3lPaFgxZXltbS9xY2lac1E0dll5Ym1ZWitOb2R4blFtT0c1eWkzS3drQ0htYWtOczZ5NVVKWGRSazRyYW85Ri9TMm81WlBmd1BLQmhwYW9wWGJwcCs4a1cwOXNYNXNNbHlHeVc5OVVnbkQ3KzU0cmxKWHZYYlVUemhqUklsTkdyVG45bTBTZmpnN25EQmVaKzhyMmlENlZHSlJGbmhJY21pNnkyWjBmU1pnLzJrNFV5Mm9jZHl6ZVBkZkFoSDA5OG1MRFV3UlMvWG9OdWZFQ1d5ZmZMNGRQSWIvQzdaQzV0aXJoc3N5RWNSMGRyWkF0cnpQUGxOOXVLUXpwalY3WXZVSGZQN1dyelNSMXNsMXhmSm1OZXNvQitTNFVPNFExblIrdHZCeHEyQkRucmlqamd4MENBQkl5U2tpMEFXbFNFWjFLZzlhR3VrZ05qV3pFcnlzdXlseEpMZWQ1U1BLdU4wZFQzdjJ1TGpsZkZtbnRnMm5uU0Qxd0UrNjhScEx5QlFOWWR1UW4vVTR6MytFOTcxS2dUNGc1RHVlb1JjVitMQkloM04rR01tQXRQWHgvcTRHZ1lWTlA4YTRhMVNudy9KOENoWkw1dWJteDl2cXRsdHJiQVZjUll3ZThBR3V2SG5VQk5xNm9zTnVPNWd3TlVKeXNkYmxNb281RXRyblpSVU1WUWhjRnlTRGMyUVVvRVZFWGVWTW1VNWRYVDNOK3hmRWRLb0RQWTNDdW5uZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * x

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Targets

- Target
  
  33d390c351632b45a20a8a9939ef5794fcc2bb52b02201aa54de31b7f7bc396e
- Size
  
  775KB
- MD5
  
  66ef4802ece3a0d62cab8be7d6065c8d
- SHA1
  
  bf9bf0b3242ffb55726d8886480b23fc60b756c2
- SHA256
  
  33d390c351632b45a20a8a9939ef5794fcc2bb52b02201aa54de31b7f7bc396e
- SHA512
  
  84f3122608910846ea3b9c23170a2dd371b7f14e63362f5082a8d1dde154911b68e75c05f947e594333d7bdad455e67e4b43cd79afbd4d8f6d6361a53ef6427c
- SSDEEP
  
  24576:+Csl9+OXLpMePfI8TgmBTCDqEbOpPtpFa8xfq:Y+OXLpMePfzVTCD7gPtLaUfq
Score

10^/10

avaddon evasion ransomware trojan
- Avaddon
  Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
  ransomware avaddon
- Avaddon payload
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (204) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2