General
Target: 7b7c16367746efe7583ae46235b2f062ce44602dda990c9a11a730d619b8d365.zip
Size: 2.5MB
Sample: 240402-qerywsah2s
MD5: cabbf4e4a2697d841c24a71680df45a7
SHA1: 631cf9979dbb264837b808d269bfc9d8b7882f2d
SHA256: c98e72b6ddb9afc0d5a2e18ebc759c64d343ed97c739f0344cc78770a0b8781c
SHA512: 03c2f4503ef7fcc34c6a202530d6535e29c8572f4bfc22436a8f9494a9a88cc759d55cd166982b468447c418f4095f3d2c45fa1533d1127a76987cfdaf277943
SSDEEP: 49152:q6H2nErMY4oQc/j9Ar/VJSyNK1DI7J5euy7x6Pvhcaq3QpwEEhnxW/6xDu:qiwEr1QqSeV1DGJoHs3qtKw79y
Behavioral task: behavioral1
Sample: 7b7c16367746efe7583ae46235b2f062ce44602dda990c9a11a730d619b8d365.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 7b7c16367746efe7583ae46235b2f062ce44602dda990c9a11a730d619b8d365.exe
Resource: win10v2004-20240226-en
Malware Config

Targets
Target: 7b7c16367746efe7583ae46235b2f062ce44602dda990c9a11a730d619b8d365.exe
Size: 4.8MB
MD5: 6ff1ca648505fe8bea6b4a26616b9722
SHA1: 7020b4d9e700b697d507a61bffea12c9475a23d2
SHA256: 7b7c16367746efe7583ae46235b2f062ce44602dda990c9a11a730d619b8d365
SHA512: e65d67e22807e1a539997bd763fc6063226fce207c57b3b0316ef7640471f460016fa5f58feb006ff96dd7a2cf5bcff7c17f0af763e8518431fe13ce6d8c9db2
SSDEEP: 98304:zDAjjvoF+Cp+/bbbbp7FO1gTL9M5gmoZHOoOVsHalI:zuvAObbbbp78+VwzV0alI
Score: 10/10

Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.

Signatures
- Avaddon payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Renames multiple (205) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (3)
- Indicator Removal (2)
  - File Deletion (2)
- Virtualization/Sandbox Evasion (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)