avaddon | 0340302e5183329eb829f632de0c22bdb0a41282dd80be2a90bf2d6608aa113d | Triage

Submit
Reports

Overview

overview

Static

static

9

01aa2cf8db...93.exe

windows7-x64

01aa2cf8db...93.exe

windows10-2004-x64

Sharing

General

Target

01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.zip
Size

1023KB
Sample

240402-l58bcaeb6s
MD5

4ba656f5864f67f07d7d7832e9533924
SHA1

7d94a0eb12c5a5d09844232313b414625d8bd25e
SHA256

0340302e5183329eb829f632de0c22bdb0a41282dd80be2a90bf2d6608aa113d
SHA512

a6a9c8505a223f833c9badcd806d41978576fbb9ac4d4b883e2b77b23c47c8d3dd8c583dfb8f0bb2fce47128cb87cf8a116f2ad483f7608158f97459b43a7935
SSDEEP

24576:sAFBWsBowNL6bLZh9LnJO82e/UQFhVhfh7Q32MECN:sAHjoXhhnOvyhfh7Q32Tg

Score

10^/10

avaddon cryptone evasion packer ransomware trojan

Static task

static1

cryptone packer

1 signatures

Behavioral task

behavioral1

Sample

01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.exe

Resource

win7-20240221-en

avaddon evasion ransomware trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.exe

Resource

win10v2004-20240226-en

avaddon evasion ransomware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.exe
- Size
  
  2.0MB
- MD5
  
  f8290f2d593a05ea811edbd3bff6eacc
- SHA1
  
  497985116f4ebaa05f1774c16adb5aa52b8e9756
- SHA256
  
  01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993
- SHA512
  
  97e4563b6112e4f6c7ee46cc1e18de931d4e052d387e6c37f7fdd7d352ef817778bd95041eeaf05e2bdf657afa1b09e52f4933ca22c6ea8f98983d8c13b56c14
- SSDEEP
  
  24576:AxT2+3dmY7FF1JLurH0q7kRZLJn0A0ffqN3CzPtakNLIE4GPoyP:f+NmY7FFHurUayLLKCdCzPtFZb
Score

10^/10

avaddon evasion ransomware trojan
- Avaddon
  Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
  ransomware avaddon
- Avaddon payload
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (194) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Indicator Removal

File Deletion

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

avaddonevasionransomwaretrojan

behavioral2

avaddonevasionransomwaretrojan

© 2018-2024

Terms | Privacy