General
-
Target
db475f7885c789b4090991e7d6ed5b440fbe68f1c6dfa1f2ccdd2536144345ee
-
Size
329KB
-
Sample
240417-p8wy9sgc96
-
MD5
893ae15a0e3b8b377e01e344aff742e2
-
SHA1
fa00408eddfc3cfda26a410f8f6b46ad73f9ef6e
-
SHA256
db475f7885c789b4090991e7d6ed5b440fbe68f1c6dfa1f2ccdd2536144345ee
-
SHA512
e49bb639f55a49ae3e85c0f3ff9f7183c7031e5c7aa2e207ffa5e61a74a110cb9fb6b8b7aafb4e2f24ca53f6c18bfada904313ff57f2f2af5bde4596c6eed891
-
SSDEEP
6144:COdbaGu6TaFCn+cEMrQwotAj1sFUjN9kjcBHqpStP5wMoL3MPsb0aG6iD5n3uF:Ce7uEaFrRMrQwoLFUppNPe93h0x9oF
Behavioral task
behavioral1
Sample
46a8c1e768f632d69d06bfbd93932d102965c9e3f7c37d4a92e30aaeca905675.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
46a8c1e768f632d69d06bfbd93932d102965c9e3f7c37d4a92e30aaeca905675.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\Users\Admin\Documents\PUareOd_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Desktop\PUareOd_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Favorites\Microsoft Websites\PUareOd_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\PUareOd_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Desktop\fm4kmFds_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Downloads\fm4kmFds_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Pictures\fm4kmFds_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Targets
-
-
Target
46a8c1e768f632d69d06bfbd93932d102965c9e3f7c37d4a92e30aaeca905675.exe
-
Size
775KB
-
MD5
c19084114c85192dacfed89a92da6837
-
SHA1
a1d6461e833813ccfb77a6929de43ab5383dbb98
-
SHA256
46a8c1e768f632d69d06bfbd93932d102965c9e3f7c37d4a92e30aaeca905675
-
SHA512
cbcc47dfd2f1e1a15b93ff2df067ebce74a3623b5b5fa1162b9076d25175ea0f3f687c24b5051e7de753697b2a860595cf15351168f999e447ee5d0bc70cc11e
-
SSDEEP
24576:+CsD9+OXLpMePfI8TgmBTCDqEbOpPtpFafxfq:YcOXLpMePfzVTCD7gPtLapfq
Score10/10-
Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
-
Avaddon payload
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Renames multiple (161) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Indicator Removal
2File Deletion
2