General
Target: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.zip
Size: 1023 KB
Sample: 240402-l58bcaeb6s
MD5: 4ba656f5864f67f07d7d7832e9533924
SHA1: 7d94a0eb12c5a5d09844232313b414625d8bd25e
SHA256: 0340302e5183329eb829f632de0c22bdb0a41282dd80be2a90bf2d6608aa113d
SHA512: a6a9c8505a223f833c9badcd806d41978576fbb9ac4d4b883e2b77b23c47c8d3dd8c583dfb8f0bb2fce47128cb87cf8a116f2ad483f7608158f97459b43a7935
SSDEEP: 24576:sAFBWsBowNL6bLZh9LnJO82e/UQFhVhfh7Q32MECN:sAHjoXhhnOvyhfh7Q32Tg
Behavioral task: behavioral1
Sample: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.exe
Size: 2.0 MB
MD5: f8290f2d593a05ea811edbd3bff6eacc
SHA1: 497985116f4ebaa05f1774c16adb5aa52b8e9756
SHA256: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993
SHA512: 97e4563b6112e4f6c7ee46cc1e18de931d4e052d387e6c37f7fdd7d352ef817778bd95041eeaf05e2bdf657afa1b09e52f4933ca22c6ea8f98983d8c13b56c14
SSDEEP: 24576:AxT2+3dmY7FF1JLurH0q7kRZLJn0A0ffqN3CzPtakNLIE4GPoyP:f+NmY7FFHurUayLLKCdCzPtFZb
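Before detonating or sharing the sample, confirm that the file on disk is the one this report describes. The block below is an added example, not the sandbox's own code: it streams the file once, computes the four digests listed in the target block in parallel, and returns every digest that disagrees with the report. REPORT_DIGESTS is copied from the target block above; the bytes used in the self-check are constructed, and the function and parameter names are this example's own.

```python
"""Verify a downloaded sample against the digests listed in a sandbox report.

Added example; not part of the original report or of the sandbox's code.
"""
import hashlib
import io
from typing import BinaryIO, Dict, Optional, Tuple

# The report lists these four cryptographic digests (SSDEEP is a fuzzy hash
# and is deliberately not handled here; see the note below the block).
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report's target block for the unpacked executable.
REPORT_DIGESTS = {
    "md5": "f8290f2d593a05ea811edbd3bff6eacc",
    "sha1": "497985116f4ebaa05f1774c16adb5aa52b8e9756",
    "sha256": "01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993",
    "sha512": "97e4563b6112e4f6c7ee46cc1e18de931d4e052d387e6c37f7fdd7d352ef8177"
              "78bd95041eeaf05e2bdf657afa1b09e52f4933ca22c6ea8f98983d8c13b56c14",
}


def compute_digests(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Read the stream once and feed every chunk to all hashers.

    Streaming keeps memory flat for multi-gigabyte dumps, and a single pass
    avoids reading the sample four times for four algorithms.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def digests_of_bytes(data: bytes, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the self-check)."""
    return compute_digests(io.BytesIO(data), chunk_size)


def compare_digests(actual: Dict[str, str],
                    expected: Dict[str, str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Return {algorithm: (expected, actual)} for every expected digest that differs.

    Comparison is case-insensitive (reports and tools disagree on hex case).
    An expected algorithm that was never computed is reported with actual=None
    rather than silently passing.
    """
    mismatches = {}
    for name, want in expected.items():
        got = actual.get(name)
        if got is None or got.lower() != want.strip().lower():
            mismatches[name] = (want, got)
    return mismatches


def verify_file(path: str,
                expected: Dict[str, str] = REPORT_DIGESTS) -> Dict[str, Tuple[str, Optional[str]]]:
    """Hash the file at `path` and return the mismatching digests (empty dict = match)."""
    with open(path, "rb") as fh:
        return compare_digests(compute_digests(fh), expected)


if __name__ == "__main__":
    import sys
    bad = verify_file(sys.argv[1])
    for name, (want, got) in bad.items():
        print(f"{name}: expected {want}, got {got}")
    sys.exit(1 if bad else 0)
```

A matching SHA-256 alone is sufficient evidence of identity; MD5 and SHA-1 are kept only because other reports and feeds still index on them. SSDEEP is a similarity hash, not an identity check: comparing it needs the `ssdeep` library and yields a 0 to 100 score, which is useful for finding repacked variants of this sample but not for confirming that a file is this exact one.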
Score: 10/10
Avaddon
Ransomware-as-a-service first observed in June 2020; it recruited affiliates among criminal actors through 2020 and early 2021, and the operators shut down and released their victims' decryption keys in June 2021.
- Avaddon payload
- Renames multiple (194) files with added filename extension
Mass renaming with an appended extension is the file-level footprint of ransomware encryption: each file is rewritten and given a new suffix.
- Drops desktop.ini file(s)
- Enumerates connected drives
Reads the root path of drives other than the default C: drive, which is how ransomware discovers additional volumes to encrypt.
- Looks up external IP address via web service
Queries a legitimate public IP lookup service to learn the infected system's external IP address.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (1): Disable or Modify Tools (1)
- Modify Registry (3)
- Indicator Removal (2): File Deletion (2)
- Subvert Trust Controls (1): Install Root Certificate (1)