General
Target: b054166a9ac8d8a69f477ce171faaa1192fc9399ce8a2d8066478f99c1e750ee
Size: 2.5MB
Sample: 240316-etbdxadd97
MD5: 4f02e23d3becdbc62a1653fac2fd88b4
SHA1: ef8d14d04c33d8ac16af189858f3f51bd55b6c0a
SHA256: b054166a9ac8d8a69f477ce171faaa1192fc9399ce8a2d8066478f99c1e750ee
SHA512: 895848f0eec88d32e264305c568c684c528dd22f08106d49385cf68909644715b4c9a3b80b27890b2cd15065457ea28749d52a62eeec2339630240aba36a8fef
SSDEEP: 49152:mJ5CdZsXB23hZtkWwahk4+xdZYEE6ukR3//CbTrfC490/nxNyPRpFAFpAs1:mjaC23hsWD64YdAu33749oxQyF6s1
Behavioral task: behavioral1
Sample: 7b7c16367746efe7583ae46235b2f062ce44602dda990c9a11a730d619b8d365.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 7b7c16367746efe7583ae46235b2f062ce44602dda990c9a11a730d619b8d365.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 7b7c16367746efe7583ae46235b2f062ce44602dda990c9a11a730d619b8d365.exe
Size: 4.8MB
MD5: 6ff1ca648505fe8bea6b4a26616b9722
SHA1: 7020b4d9e700b697d507a61bffea12c9475a23d2
SHA256: 7b7c16367746efe7583ae46235b2f062ce44602dda990c9a11a730d619b8d365
SHA512: e65d67e22807e1a539997bd763fc6063226fce207c57b3b0316ef7640471f460016fa5f58feb006ff96dd7a2cf5bcff7c17f0af763e8518431fe13ce6d8c9db2
SSDEEP: 98304:zDAjjvoF+Cp+/bbbbp7FO1gTL9M5gmoZHOoOVsHalI:zuvAObbbbp78+VwzV0alI
Score: 10/10

Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.

Signatures
- Avaddon payload
- Detects executables packed with Themida
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Renames multiple (174) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (3)
- Indicator Removal (2)
  - File Deletion (2)
- Virtualization/Sandbox Evasion (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)