General
-
Target
de46835309199f18a60da5cf018d28c8ba3fb3d74b04a65b9efb16d1d3df07ac
-
Size
339KB
-
Sample
240316-evxcrsde57
-
MD5
db851e5b53e2e837125eacc64f0b8a82
-
SHA1
c83eaff7001b1e9bdc7fa2c639822307276187b0
-
SHA256
de46835309199f18a60da5cf018d28c8ba3fb3d74b04a65b9efb16d1d3df07ac
-
SHA512
ad182a4037db8f923ce29be26084c18233bd9c9410a015bbafb190e7cb5c0200e5c300bce788a151cc70a51098011fa924c0e523b398cc4d1eee0a8d41dbd8f7
-
SSDEEP
6144:m3CrwI1v9UDmM13Zwbnt43R2fzTy58Rehh2A3AIfJoWa1fPskN2A74DUPN0q:BrGDmMH643RizTchR3f/a1nskNXbN0q
Behavioral task
behavioral1
Sample
48d7cd572f14aed7a90d6b66097a885a889e6e7416a6aaa2eb442706ff661275.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
48d7cd572f14aed7a90d6b66097a885a889e6e7416a6aaa2eb442706ff661275.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\Users\Admin\Desktop\U0Mz6_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Downloads\U0Mz6_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Favorites\Windows Live\U0Mz6_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Pictures\U0Mz6_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Desktop\TZZ1aktw_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Downloads\TZZ1aktw_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Searches\TZZ1aktw_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\TZZ1aktw_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Targets
-
-
Target
48d7cd572f14aed7a90d6b66097a885a889e6e7416a6aaa2eb442706ff661275
-
Size
775KB
-
MD5
117da2dd6fa24616f63eb43d5a15e5d3
-
SHA1
b4d70eecdef52ceef15f04a025d1ab08f193fb97
-
SHA256
48d7cd572f14aed7a90d6b66097a885a889e6e7416a6aaa2eb442706ff661275
-
SHA512
de2e5538e8dd8210b630eca0fc611f0ba0dcb805b3a745c38a6f46ee9acfe8785c917b9452e0d6f70f675030430b65b352d695106bae639b20e0dbb2dd95e375
-
SSDEEP
24576:TCsQ9+OXLpMePfI8TgmBTCDqEbOpPtpFhAxfq:5HOXLpMePfzVTCD7gPtLhQfq
Score10/10-
Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
-
Avaddon payload
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Renames multiple (172) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Indicator Removal
2File Deletion
2