General
-
Target
35319b92ac8409ad8b0534cd44993924467fced4810230416ddb9734827c6235
-
Size
199KB
-
Sample
240417-qca8csgf28
-
MD5
ec0de37234c3a70d5ab54d094d55c03a
-
SHA1
c90032ede83281c531e1d5ff85ba7e83184f1ac3
-
SHA256
35319b92ac8409ad8b0534cd44993924467fced4810230416ddb9734827c6235
-
SHA512
37422a3bc9eb1df484fe1b309a0470341e03bdec071aed19a5fdbb9a921e640b4e4bb062b47ddc762e00245ecdd8652dbbe8a52f63abdbedc8b37f6143d29727
-
SSDEEP
6144:fZbLmQStDsowAmIJNJK+GesCzyN5/cp7ubl15DC:RbLmdACmIJNJGQyz/Mub1DC
Behavioral task
behavioral1
Sample
c14dd4a0831ea2548e1ddfd54b9704fe8ad0057924ede041c8c064b66690a028.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
c14dd4a0831ea2548e1ddfd54b9704fe8ad0057924ede041c8c064b66690a028.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\Users\Admin\Desktop\tGZuKW0_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Favorites\Windows Live\tGZuKW0_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Desktop\xleUz_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Documents\xleUz_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Downloads\xleUz_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Music\xleUz_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
C:\Users\Admin\Pictures\xleUz_readme_.txt
avaddon
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
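The "Malware Config / Extracted" entries above are the sandbox's own extraction of the Avaddon ransom notes dropped in the user profile. The following Python script is an added example (not code from the report or from the sandbox vendor) that reproduces that step offline against a triage copy of a profile: it walks a directory tree, matches the `<id>_readme_.txt` note filename pattern seen above, pulls the .onion URLs out of each note and groups the drop locations by note id. The note body it writes into a temporary tree is constructed for the demo and is not the real Avaddon note text; only the two onion hostnames are taken from the report.

```python
"""Offline extraction of Avaddon-style ransom notes and their .onion URLs.

Added example; not the sandbox's extractor. The sample tree and note text
are constructed here so the script runs stand-alone.
"""
import os
import re
import tempfile
from collections import defaultdict

# Filename pattern observed in this report: tGZuKW0_readme_.txt, xleUz_readme_.txt
NOTE_RE = re.compile(r"^(?P<id>[A-Za-z0-9]+)_readme_\.txt$")
# v2 (16 chars) and v3 (56 chars) onion hostnames, base32 alphabet
ONION_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion\b")


def extract_notes(root):
    """Walk `root` and return {note_id: {"paths": [...], "urls": [...]}}.

    Notes are grouped by the random id prefix so that two different
    infections (or two sandbox runs) dropping notes into the same profile
    are reported separately, as the report above does.
    """
    found = defaultdict(lambda: {"paths": [], "urls": set()})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = NOTE_RE.match(name)
            if not m:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            entry = found[m.group("id")]
            entry["paths"].append(path)
            entry["urls"].update(ONION_RE.findall(text))
    return {
        note_id: {"paths": sorted(v["paths"]), "urls": sorted(v["urls"])}
        for note_id, v in found.items()
    }


def build_sample_tree():
    """Constructed test fixture: the drop locations listed in this report,
    recreated under a temporary directory with a made-up note body."""
    root = tempfile.mkdtemp(prefix="avaddon_notes_")
    note = (  # constructed wording; only the hostnames come from the report
        "All your files have been encrypted.\n"
        "Contact: http://avaddongun7rngel.onion\n"
        "Backup:  http://avaddonbotrxmuyl.onion\n"
    )
    drops = {
        "tGZuKW0": ["Desktop", os.path.join("Favorites", "Windows Live")],
        "xleUz": ["Desktop", "Documents", "Downloads", "Music", "Pictures"],
    }
    for note_id, dirs in drops.items():
        for d in dirs:
            folder = os.path.join(root, "Users", "Admin", d)
            os.makedirs(folder, exist_ok=True)
            with open(os.path.join(folder, f"{note_id}_readme_.txt"), "w",
                      encoding="utf-8") as fh:
                fh.write(note)
    # Decoy: an ordinary readme that must not match the note pattern
    with open(os.path.join(root, "Users", "Admin", "Desktop", "readme.txt"),
              "w", encoding="utf-8") as fh:
        fh.write("not a ransom note\n")
    return root


if __name__ == "__main__":
    for note_id, info in extract_notes(build_sample_tree()).items():
        print(note_id, len(info["paths"]), "notes", info["urls"])
```

Pointing `extract_notes()` at a mounted forensic image (for example the `Users` folder) gives the same per-note-id view as the report; the URL set is what you would feed into blocklists or compare against other Avaddon samples.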
Targets
-
-
Target
c14dd4a0831ea2548e1ddfd54b9704fe8ad0057924ede041c8c064b66690a028.exe
-
Size
483KB
-
MD5
53717dc73f61b0f9551cb62d6fca2e4a
-
SHA1
1ca9304e86632b147852767c85c57e08bdfc8855
-
SHA256
c14dd4a0831ea2548e1ddfd54b9704fe8ad0057924ede041c8c064b66690a028
-
SHA512
ae6ff8377d89cd3d1686c5a6bd7bb398bb975e4e52f7db5fbb0550783d77648558f03a13a9751d0cb6ed993621b12980d54777385802dd4c014ec22ae8d33552
-
SSDEEP
12288:WcvbX8rMmSZJ8t9ZITyDpFGIOyA4muT5WFExk8y:/zMr1SZJ8t9ZITyNzOt4dVy
Score 10/10
-
Avaddon
Ransomware-as-a-service (RaaS) first released in June 2020 and, at the time this signature was written, still expanding its affiliate base among criminal actors.
-
Renames multiple (171) files by appending a filename extension
A burst of renames that leave the original name intact and add one extension is the typical footprint of ransomware encrypting the user's files across the system.
-
Enumerates connected drives
Reads the root path of drives other than the default C: drive, behaviour consistent with locating additional volumes to encrypt.
-
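The two behavioural signatures above (mass rename with an appended extension, and probing the root of non-C: drives) are simple enough to implement as detection logic over endpoint file-activity telemetry. The following Python is an added example, not the sandbox's own rule logic: it runs both checks over a constructed list of file events in a generic shape (rename and open events with a process id), with 171 appended-extension renames from one process to mirror the count in the report. The `.xyz` extension, the process ids and the event format are assumptions for the demo; the report does not state which extension this sample appends.

```python
"""Detection logic for the two Avaddon behaviours flagged in this report.

Added example; event format, pids and the ".xyz" extension are constructed.
Feed real Sysmon/EDR file events in the same shape to reuse the rules.
"""
import re
from collections import defaultdict

# Drive root such as "D:\" (exactly the root, nothing after the backslash)
ROOT_RE = re.compile(r"^([A-Za-z]):\\$")


def appended_extension(old, new):
    """Return the extension appended to `old` to yield `new`, else None.

    "a.docx" -> "a.docx.xyz" returns ".xyz"; "a.tmp" -> "a.txt" returns None
    because the original name is not preserved.
    """
    if not new.startswith(old) or len(new) <= len(old):
        return None
    tail = new[len(old):]
    if tail.startswith(".") and "." not in tail[1:] and "\\" not in tail:
        return tail
    return None


def detect_extension_append(events, threshold=50):
    """Flag processes that appended the same extension to >= threshold files.

    Counting per (pid, extension) keeps an installer that renames a handful
    of files, or a process mixing many different extensions, below the bar.
    """
    per_pid = defaultdict(lambda: defaultdict(int))
    for ev in events:
        if ev["event"] != "rename":
            continue
        ext = appended_extension(ev["old"], ev["new"])
        if ext:
            per_pid[ev["pid"]][ext] += 1
    hits = []
    for pid, exts in per_pid.items():
        for ext, n in exts.items():
            if n >= threshold:
                hits.append({"pid": pid, "ext": ext, "renames": n})
    return hits


def detect_drive_enumeration(events):
    """Return {pid: [drive roots]} for processes that opened or read the
    root of any drive other than C:."""
    drives = defaultdict(set)
    for ev in events:
        if ev["event"] not in ("open", "read"):
            continue
        m = ROOT_RE.match(ev["path"])
        if m and m.group(1).upper() != "C":
            drives[ev["pid"]].add(m.group(1).upper() + ":\\")
    return {pid: sorted(roots) for pid, roots in drives.items()}


def build_sample_events():
    """Constructed telemetry: one ransomware-like process (pid 4120) and
    benign noise that must not trigger either rule."""
    events = []
    for i in range(171):  # 171 renames, matching the count in the report
        old = f"C:\\Users\\Admin\\Documents\\file{i}.docx"
        events.append({"event": "rename", "pid": 4120, "old": old, "new": old + ".xyz"})
    # Benign: extension changed rather than appended (e.g. atomic save)
    events.append({"event": "rename", "pid": 4120,
                   "old": "C:\\tmp\\a.tmp", "new": "C:\\tmp\\a.txt"})
    # Benign: an installer appending ".bak" to a few files
    for i in range(3):
        old = f"C:\\Program Files\\App\\cfg{i}.ini"
        events.append({"event": "rename", "pid": 9001, "old": old, "new": old + ".bak"})
    # Drive probing by the suspect process; C: root is expected and ignored
    for root in ("C:\\", "D:\\", "E:\\"):
        events.append({"event": "open", "pid": 4120, "path": root})
    # Not a drive root, so not counted
    events.append({"event": "read", "pid": 4120, "path": "D:\\data\\x.bin"})
    return events


if __name__ == "__main__":
    evs = build_sample_events()
    print("extension-append hits:", detect_extension_append(evs))
    print("drive enumeration:", detect_drive_enumeration(evs))
```

The threshold of 50 is a starting point; tune it on your own baseline, and correlate both hits on the same pid before raising severity, since the two signals together are far more specific than either alone.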