General
Target: 7b7c16367746efe7583ae46235b2f062ce44602dda990c9a11a730d619b8d365.zip
Size: 2.5MB
Sample: 240402-mn8ffsfc7w
MD5: fe3e8b67c474f96462fee4b2433e011f
SHA1: d8348aa68d5c7f6770f77365fd851e690c150976
SHA256: 54c3d36de8a4f650bf9bf29f8c939197bdbb3e71b05e622a6d9c6c418696b0d8
SHA512: 630f0549d6e4f476a30b8ed1f7a38d4d99f401417ce5fdbbb6a96386d4a8325585ad3d5314d82182cfc6e0b3286b568f74c345b0b2c5b611202d4772b0054e3e
SSDEEP: 49152:6blvFrZprIPotg/NfXu9LDA1P9vqmh95/qM9RIPl1c3rhNzVcmeP3TeyOpTvvhZ:6b3rd4GLEjqmhSuRIotN0pGTvvhZ
Behavioral task: behavioral1
Sample: 7b7c16367746efe7583ae46235b2f062ce44602dda990c9a11a730d619b8d365.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 7b7c16367746efe7583ae46235b2f062ce44602dda990c9a11a730d619b8d365.exe
Resource: win10v2004-20240226-en
Malware Config

Targets
Target: 7b7c16367746efe7583ae46235b2f062ce44602dda990c9a11a730d619b8d365.exe
Size: 4.8MB
MD5: 6ff1ca648505fe8bea6b4a26616b9722
SHA1: 7020b4d9e700b697d507a61bffea12c9475a23d2
SHA256: 7b7c16367746efe7583ae46235b2f062ce44602dda990c9a11a730d619b8d365
SHA512: e65d67e22807e1a539997bd763fc6063226fce207c57b3b0316ef7640471f460016fa5f58feb006ff96dd7a2cf5bcff7c17f0af763e8518431fe13ce6d8c9db2
SSDEEP: 98304:zDAjjvoF+Cp+/bbbbp7FO1gTL9M5gmoZHOoOVsHalI:zuvAObbbbp78+VwzV0alI
Score: 10/10

Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.

Signatures
- Avaddon payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Renames multiple (182) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (3)
- Indicator Removal (2)
  - File Deletion (2)
- Virtualization/Sandbox Evasion (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)