General
-
Target
bcdbfc2e3ce5044763448bed642e7516230b6bdac839bad93dc6dff608de29a4
-
Size
461KB
-
Sample
240316-etxxxade29
-
MD5
908c98a70eaeb6054cf531d6a7165bb2
-
SHA1
396d9a0f1f57451d7c86238e44f6790e2fba05b9
-
SHA256
bcdbfc2e3ce5044763448bed642e7516230b6bdac839bad93dc6dff608de29a4
-
SHA512
39fd0248414fb708f6f78a92e511c07c61d4c6cc539b9aa5130c458799b16695240e468d4174ca232cabc017347be4a2eb76a26661cb3bfd2de3e73d0b122413
-
SSDEEP
12288:AR6uAYTN3Iya5D9kTs82KQ14uOhE3vK8R70uHcspDQAfe5z7mF:ARP3YR9T4mcW/KUjy5z7mF
Static task
static1
Behavioral task
behavioral1
Sample
05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted from
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\833184-readme.html
Family
avaddon
Targets
-
Target
05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2
-
Size
1.0MB
-
MD5
c9ec0d9ff44f445ce5614cc87398b38d
-
SHA1
591ffe54bac2c50af61737a28749ff8435168182
-
SHA256
05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2
-
SHA512
c340baeb66fc46830b6b77b2583033ade6e10b3de04d82ece7e241107afe741442585bf2ea9d6496af93143c37e9676d4f1e1d301d55632b88b12daadadd43f0
-
SSDEEP
24576:Cs6JmdFn5KLOCgHWcAvcrOcEsKfR9uA7rmFbbbbpccf:Cs6JY5KLOCyWcDUfRAA3mFbbbbpc4
Score 10/10
-
Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
-
Renames multiple (244) files with added filename extension
Bulk renames that append a new extension are the typical footprint of ransomware encrypting the files on the system.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
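The "renames multiple files with added filename extension" signature above is a heuristic: a single process renaming many files so that each destination is the source path plus one new suffix. The following Python script is an added example (not code from the report or from the sandbox) that applies that heuristic to sandbox-style file events. The event lines, the process IDs, the threshold values and the placeholder extension "AbCdEf" are all constructed for the demonstration; the extension is not Avaddon's and the thresholds are assumptions to tune against real telemetry.

```python
from collections import Counter, defaultdict

# Constructed sample of file events in a pipe-separated form:
#   <pid> | <operation> | <source path> [| <destination path>]
# These lines are made up for the demonstration; they are not from the report.
SAMPLE_EVENTS = """\
1204 | CreateFile | C:\\Users\\user\\Documents\\budget.xlsx
1204 | Rename | C:\\Users\\user\\Documents\\budget.xlsx | C:\\Users\\user\\Documents\\budget.xlsx.AbCdEf
1204 | Rename | C:\\Users\\user\\Documents\\notes.docx | C:\\Users\\user\\Documents\\notes.docx.AbCdEf
1204 | Rename | C:\\Users\\user\\Pictures\\img1.jpg | C:\\Users\\user\\Pictures\\img1.jpg.AbCdEf
1204 | Rename | C:\\Users\\user\\Pictures\\img2.jpg | C:\\Users\\user\\Pictures\\img2.jpg.AbCdEf
1204 | Rename | C:\\Users\\user\\Desktop\\plan.pdf | C:\\Users\\user\\Desktop\\plan.pdf.AbCdEf
1204 | CreateFile | C:\\Users\\user\\Desktop\\readme.html
2210 | Rename | C:\\Users\\user\\Documents\\old.txt | C:\\Users\\user\\Documents\\old.txt.bak
3320 | Rename | C:\\Users\\user\\Downloads\\report.tmp | C:\\Users\\user\\Downloads\\report.docx
3320 | Rename | C:\\Users\\user\\Downloads\\draft (1).txt | C:\\Users\\user\\Downloads\\draft.txt
"""

RENAME_THRESHOLD = 5   # assumption: minimum renames per process before flagging
DOMINANCE_RATIO = 0.8  # assumption: share of a process's renames that must add one extension


def added_extension(src, dst):
    """Return the suffix appended to src to produce dst, or None.

    Only the pattern '<src>.<ext>' counts; ordinary renames (different stem,
    changed extension) return None. Comparison is case-insensitive because
    Windows paths are.
    """
    s, d = src.lower(), dst.lower()
    if d.startswith(s + ".") and len(d) > len(s) + 1:
        return dst[len(src) + 1:]
    return None


def parse_events(text):
    """Parse the pipe-separated event lines into (pid, op, src, dst) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split("|")]
        pid, op, src = int(parts[0]), parts[1], parts[2]
        dst = parts[3] if len(parts) > 3 else None
        events.append((pid, op, src, dst))
    return events


def detect_rename_bursts(events, threshold=RENAME_THRESHOLD, ratio=DOMINANCE_RATIO):
    """Return {pid: (rename_count, extension)} for processes that look like encryptors.

    A process is flagged when it performed at least `threshold` renames and at
    least `ratio` of them appended the same new extension. Renames that do not
    add an extension (ext is None) still count toward the total, so a process
    doing mostly ordinary renames is not flagged.
    """
    per_pid = defaultdict(Counter)
    for pid, op, src, dst in events:
        if op != "Rename" or dst is None:
            continue
        per_pid[pid][added_extension(src, dst)] += 1

    hits = {}
    for pid, exts in per_pid.items():
        total = sum(exts.values())
        ext, count = exts.most_common(1)[0]
        if ext is not None and total >= threshold and count / total >= ratio:
            hits[pid] = (count, ext)
    return hits


if __name__ == "__main__":
    for pid, (count, ext) in detect_rename_bursts(parse_events(SAMPLE_EVENTS)).items():
        print(f"pid {pid}: {count} files renamed with added extension .{ext}")
```

Only pid 1204 is flagged in the constructed sample: pid 2210 appends an extension once (below the threshold, as a backup tool would) and pid 3320 only performs ordinary renames. Against a real trace the report's count of 244 renamed files would come out of the same per-process tally; pairing the hit with the extension string also gives the value to search for across other hosts.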
MITRE ATT&CK Matrix (ATT&CK v13)
The number after each entry is the count of report signatures mapped to it.
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (4)
- Indicator Removal (2)
  - File Deletion (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)