avaddon

Sharing

Copy URL

Twitter E-mail

General

Target

b73f89df05ebb2fe345fb15556f3820e2ab169faa2be9ef0d7dcffdbcd63ab9c
Size

329KB
Sample

240417-qgh4rsad7t
MD5

8549cee50cb271e9b2d2de2c636ab910
SHA1

d74b5b4ccafb38f32e2b90b4b390bda65739b743
SHA256

b73f89df05ebb2fe345fb15556f3820e2ab169faa2be9ef0d7dcffdbcd63ab9c
SHA512

3c2222a175ba9d0bab2289ecab0c7b32a0a43ac0bf0f483dd850fbb74712578bec6e58930a37e0c32ca71e94d64ed42516480ff97b37086a2247d5dfdc7f9c57
SSDEEP

6144:v7L54dx8shVi4AnwJhVOC6x7AjjTVRe4+FPd7nkBx7S2Rgmi3:vH5vshvhVOCRjjTVRePPdbkBBPR2

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\J9FGh_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .eAeECDBad You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTk0Ni0rUEx5VVpsVzBDZU1ZS3pzTjBPMkNDc0hPdXdMd2xjY1ZHWWNUVnNtUWYzQVlQODE0ODFTVGY0SkdYRUxiMUtoSGF3TkVPSk14MGJNYWZmVTh6RGp1L0pxQ05YQmFoVGFBRXNKOWY3SGhRVHpoUnFJM2lUNENRWlFHdzhhOTlQMm1reGEwNWhFeG5UTlRvUzlnZWhBa2R6cUZxakRtbXZNUkk0eGVBUTNhY01uQ0VwVUs5VlJBdE1oaWRsUXY1UEIzcmJHWXJuakJxeW4vdW9YbXJvRXhKY1loN1ZlTSszdWlSVnFveG9Rb1M5aE9keFBHNFVWYkh2akhZKy9MOHZPLzF1aTNnZDNuYVhMbTdpYkxIdERPOEd5aHpKWk94aEwzRFBrSkk4VERkTS9ER05HeTBZaWYrTWpEUzlTSkJFcGRmSmRzTUJ5bStWbTQycmFqRE91S2FMaStpSldwRHVHYXlqZTd6ejZBdkdTVG5vWE1JUi9HeEg1SzJrV2V1dE93NXlDZCtpZ2NwODlLc1p2MktxaGsvWVgxZGJVWTFqSk5XV2tIZ3hSV3pGYzBTOElndTFGajJES09leUx1THBncm9hTEF1NDFQMVgwaEdoTjlqUkNoSHpLMUFySlhZekNONUsyRU4rR2RCUkwxQVNRWmJnMmk4dU04Skh6dkwwbURyc3FBT1Awb1BYYW5wMFRmclQ0YzNIYWxiT1lJQUI4ZnlVT3dYZEM4TWtUMkFpcDEzQWdNNy9YVExSWnVicGRSdEJFam1tVlgwcUxhY1hUSEsxOU9iTTcxdkhzUkxGcUJyVXhvQllOTXgyYUxxczM3Q3YvaHBBTVdiTjd2eE1QUTdlcGpZUnVzb0NXc3ZvVkVCeUxSWWNMdFFoOTU4ODlIckpldDNIcjk4Mmcwd3MvTG9wbHJBMjJ0dWo1QllLKzNIamlpWlJJbDRPdWZ5Z0RCMUliSEU1T2RWdE9pUkFDeE5EZktYUmZ6RkNxSzgrb0hKeFEzdHpzTnh2andRWUZKQk1KNHRqMDNXb0ZyYmNsYjdCTEErZ0tTcGpMekc4REdyZnE5ZzRZQTAzS1VVcUNOVmpCcGErMlkwZkpXcEI4NTlEbVlPUFVkQktNazJtQXZiR25GNDBWQ2VDOHE4K08yajB0N3Fad2wybS8wc0ZoWk00RTFXSjV6YXdyeEpCOThwSUxRcWlGa3ZWVHRrdU9KbmlNVmtWVmlqSXd2MUorMW5IWUtFTXhVV2luSWVpNWIzSzYyMlk1dWgwSVhJcWFid1h2aHl6bFdSVHdHcG5Lc0I2MklMZyszNjRsdjFabjJ2R3ZkbjZOb3pNOE4yc3ZkODlBRzNqSVVhckxNZncyb0FieEpvMzhvcy9SQkJSVVl1Q2dJcUJWZUMvZzZoSFpzQ3VQTWJnQjBtWGgwaW11VjEvdEZkcHhtdVMxUkwyRHJ5dk1oL2VBa2pRbE4vdjFmYWh2TmRLWk4yNzF4WnRpdjVQYzNLc0dNMVVkWEpoTHZLd2doZG9jWmZJeTE0cW1QS2xIVDl6R20wdWtFbWdkOUJBYWFQdnJUNVZFMXI5cDN5cWF0MktaOHE1dmNlcWk5NnNOdVltY29FYU1IQUNvNjdSSEx6dlpoNjJ6THB1am1neFc5c1QyL3NVNW1vQTFFeVNIWUZaNTdXMVltUmFlOXk2TmEveG13QnJabnorLzNCZ2w1cUR3N3hOYWVUc3V2YzdWS04zMmROeG5FTGFKaUgzNk9nWUtXNzdSK2dDaVgybUdPRVd0dTRwQ3QwdWtYd3ZnUW1sLzBHaWNyOXpUeDFjeTVrUEhraDhtTk10S2hELzFneW5kTC8ycHdESWlPUlVURGxUdU5BR1VwWW5ENC9SOS8zZXFTYm90QTZveVBOYVJWdUl3S0QyL3lYNlFOYjBQYVMwN2pldmx2TFNSUnFGV0NUcHdkUnJ6clZGZm9kem1ub3VieS9SZzZUOGhJZXZvN1hodHNDTlprdU9UYmRjcktIV0NadFRhZ1RyaUtIb2t0NUhLN0gyTEFJTGRrbEoyOFh6T2E0aDh5R1R1RFBKRy85M1l3WGM0QnliWkVSTlhzMEIwdUJxZFpPTEdlbHBaZGd1ZVIzaHJXVTJ4eVE1cWtkYzhNSWg4WHRxYWJaZnROZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * 1uRTNy

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Documents\J9FGh_readme_.txt

Family

avaddon

Ransom Note

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Favorites\Links\J9FGh_readme_.txt

Family

avaddon

Ransom Note

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Documents\HzDcZ0_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .BbBdCeeaAd You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTk0Ni0zKzR4d2Ixc2FnNm5Sb1k0QlYzNE55a2JHS0dNaGhMVGtUUzl0SWkySmxtWTY2cENESmdPZVlrMEd6Vm8xRHVLY01lcFZISy8xZW1ndlhzTm5LeURpNXhlTlRwMk5wNWRrd2JUbjZFN0dqTmlGUFVlMW0vS0wxdzAxK2JaVTNOdlJQQUFFRFgvc042ODl0cEdQaHRLeFU1RkxNNmYvTitaN05lY2JDdHhic3J6bGs1SGpkMGtDVkxaN3ozSTVsVGJLL1pOdXZsL0JacEJIR2NjLzdTZ3JWSitrOFp4QVN1WUt0cC9ZbWIvdHNWcWNVM1htZ3A2RVRzdEVzeWg1WExSYzFqVUQ0V3FHMktnRHJ2aUFnMTZvNGxmL09kQTA5anpNOC9YblNIbXdoaUdPem5ZWkt5ZjdIZXRBc2NhM0VFLzRGMXNkYVltQlNKL1ZYZU0wQ2hoeWQrRTVFdEI4ZjZPMlh3bDFWaWIrOG4xVkp3M1lGU0tPN3lHZ2lGZEV1UTNCaFVNMDRoMEdSK0ZjNkNKT0hVVEdTeXRUOU51RU9WUVJ3dkZRdmdRZElBVFZIUk4yRTdzUTJpVzBCVHBCVUYzSldRUTJuYWc5TjJWc0k0TnZEV3pTNVkyeGFNamNlMElaZGVGUVBYL0FwRmtCUEhGcis0MENhb0llak54SVFwcVJsTEJqWFBvUkNYMTRUNS90V3FiNE5tRmJLbFRDOGRERFZxSVhTTU5tejFvR1hRMlFoZ0tsZ3NGWXY2eThqZ2R1cXYxdXo2a3dzVUVMVmRVeHhWQlgrdUFMa1BJenZEVC9rWkswZDdrcXpkTllLdFZtZURKaGNlRG52ODBtV3M0cVV2cVhaVWVXOGRlSS8wZmwzTnMxRnRwcEJwNlpkVWxXT01PdHhvNFQ4Wlh4Z0dXVkZ1V0xNMHM1d1BacEFZdHJIb2FiQmF0UDhqeW9EaWdwcDUzSW4yQVJHL2E2ellpb3ZhTitZcE1xYW5wOGIyU2o0K1RVS2ZCYmk4bUhodDlzUEhlS1VxMDlTaWlMSnZiYkdMM2srcWJaZkY2TFp6c0U0M0lZMzhObHllZkxHeDVyNFVNdmJkQkRMQWRiRk85TjMzUXovbHpqVXM4UVZva1laNTV0ZEJ2TUM1bTJURm1vU0NkaFhGM1RQVEVBd3VCNDdpQWszbCs1cEVmZ3h5ekV2UXZnS1VDbllrSXNRY0MvMjdFYnE2d2RwREhQR2VlTHN1MkZoSWR5blZJUHFBT0JYWXRiMXdOYURHVC9yMm9qcXljR1dQT0JJSTY2UVlWbCtoYVZXMTFCOUNWanhQTmVvRXFrM01FMk9uSlNHbUNib0VjaGZTKzZtWUJ5TTFCdHBjWGRoY1BYOGhlYmVVd09FT0pUNjh5UjBtV1Rkc011MmxQamRGZ1ZmT3JqVVVhY08yanNkZGhjc2Rldm1POWF5MkFXeHhlVjRIN0o2RVRLSklQSDB0c1JUV1ZKUTJVQm5mVWZibktnOVo0bTNiaG9SWWF0bXhkYUVRZStjV0d6dWVsb2llYVliVWVtZ3ZBNHQzdkJacjR3dzZYMllYWmNkU1pJbDNkQjVSN1loZ2JjT1R5SHhBb08ybGFhbXZWTXc5Y3FQamMxQWFnREJ6VUtRMmJweFE5cGFiNDZMMWR3OWxLRkttWTY0YWpESjlJT2Y3MlExRy9jQmZyQVZPQU1ZMHdDa01SMXlXZzNrcnN2UTV0VndJT08xSkVWaWNWdmdkZ1doSXlVVzBFVUhtSE9QbzRhUUQrVUtBd1ZMQ1JmNVZDUWlMME1GUkFlTDRCa01kUElkV2JjaUI4NnRENmI4S1FKRWxwWEFRV1F2V1RuY1hWN3RxYWFVaVpQdGk1eFdVZzhBdm9McFA1VzkySG5PZDNXV2ViOW1rVUc4QzFCUTd4VDRSQ1dhWk1ZZnE1MGo1Zk03K2JpTXBMYlBxMjhKWldyM2RudUxuWktYYjdhcWdqMUtVNGl1bTExOTk2R1pOQW1Ma2RVVURYWjZYMDViazZvK0JScDM3L2RiWjlkZHhLT3JWaWtPVXhFQ3hWRVgyLzUydDRhbUQxSzBFZEp2VVNQVC9iTHdya3IzYklSL0gwdlUvRVlFSkpjSTJyVnFRRmJDTHBpdEFxTXlRMS9idTVMUT09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * twpo

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Downloads\HzDcZ0_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .BbBdCeeaAd You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTk0Ni0zKzR4d2Ixc2FnNm5Sb1k0QlYzNE55a2JHS0dNaGhMVGtUUzl0SWkySmxtWTY2cENESmdPZVlrMEd6Vm8xRHVLY01lcFZISy8xZW1ndlhzTm5LeURpNXhlTlRwMk5wNWRrd2JUbjZFN0dqTmlGUFVlMW0vS0wxdzAxK2JaVTNOdlJQQUFFRFgvc042ODl0cEdQaHRLeFU1RkxNNmYvTitaN05lY2JDdHhic3J6bGs1SGpkMGtDVkxaN3ozSTVsVGJLL1pOdXZsL0JacEJIR2NjLzdTZ3JWSitrOFp4QVN1WUt0cC9ZbWIvdHNWcWNVM1htZ3A2RVRzdEVzeWg1WExSYzFqVUQ0V3FHMktnRHJ2aUFnMTZvNGxmL09kQTA5anpNOC9YblNIbXdoaUdPem5ZWkt5ZjdIZXRBc2NhM0VFLzRGMXNkYVltQlNKL1ZYZU0wQ2hoeWQrRTVFdEI4ZjZPMlh3bDFWaWIrOG4xVkp3M1lGU0tPN3lHZ2lGZEV1UTNCaFVNMDRoMEdSK0ZjNkNKT0hVVEdTeXRUOU51RU9WUVJ3dkZRdmdRZElBVFZIUk4yRTdzUTJpVzBCVHBCVUYzSldRUTJuYWc5TjJWc0k0TnZEV3pTNVkyeGFNamNlMElaZGVGUVBYL0FwRmtCUEhGcis0MENhb0llak54SVFwcVJsTEJqWFBvUkNYMTRUNS90V3FiNE5tRmJLbFRDOGRERFZxSVhTTU5tejFvR1hRMlFoZ0tsZ3NGWXY2eThqZ2R1cXYxdXo2a3dzVUVMVmRVeHhWQlgrdUFMa1BJenZEVC9rWkswZDdrcXpkTllLdFZtZURKaGNlRG52ODBtV3M0cVV2cVhaVWVXOGRlSS8wZmwzTnMxRnRwcEJwNlpkVWxXT01PdHhvNFQ4Wlh4Z0dXVkZ1V0xNMHM1d1BacEFZdHJIb2FiQmF0UDhqeW9EaWdwcDUzSW4yQVJHL2E2ellpb3ZhTitZcE1xYW5wOGIyU2o0K1RVS2ZCYmk4bUhodDlzUEhlS1VxMDlTaWlMSnZiYkdMM2srcWJaZkY2TFp6c0U0M0lZMzhObHllZkxHeDVyNFVNdmJkQkRMQWRiRk85TjMzUXovbHpqVXM4UVZva1laNTV0ZEJ2TUM1bTJURm1vU0NkaFhGM1RQVEVBd3VCNDdpQWszbCs1cEVmZ3h5ekV2UXZnS1VDbllrSXNRY0MvMjdFYnE2d2RwREhQR2VlTHN1MkZoSWR5blZJUHFBT0JYWXRiMXdOYURHVC9yMm9qcXljR1dQT0JJSTY2UVlWbCtoYVZXMTFCOUNWanhQTmVvRXFrM01FMk9uSlNHbUNib0VjaGZTKzZtWUJ5TTFCdHBjWGRoY1BYOGhlYmVVd09FT0pUNjh5UjBtV1Rkc011MmxQamRGZ1ZmT3JqVVVhY08yanNkZGhjc2Rldm1POWF5MkFXeHhlVjRIN0o2RVRLSklQSDB0c1JUV1ZKUTJVQm5mVWZibktnOVo0bTNiaG9SWWF0bXhkYUVRZStjV0d6dWVsb2llYVliVWVtZ3ZBNHQzdkJacjR3dzZYMllYWmNkU1pJbDNkQjVSN1loZ2JjT1R5SHhBb08ybGFhbXZWTXc5Y3FQamMxQWFnREJ6VUtRMmJweFE5cGFiNDZMMWR3OWxLRkttWTY0YWpESjlJT2Y3MlExRy9jQmZyQVZPQU1ZMHdDa01SMXlXZzNrcnN2UTV0VndJT08xSkVWaWNWdmdkZ1doSXlVVzBFVUhtSE9QbzRhUUQrVUtBd1ZMQ1JmNVZDUWlMME1GUkFlTDRCa01kUElkV2JjaUI4NnRENmI4S1FKRWxwWEFRV1F2V1RuY1hWN3RxYWFVaVpQdGk1eFdVZzhBdm9McFA1VzkySG5PZDNXV2ViOW1rVUc4QzFCUTd4VDRSQ1dhWk1ZZnE1MGo1Zk03K2JpTXBMYlBxMjhKWldyM2RudUxuWktYYjdhcWdqMUtVNGl1bTExOTk2R1pOQW1Ma2RVVURYWjZYMDViazZvK0JScDM3L2RiWjlkZHhLT3JWaWtPVXhFQ3hWRVgyLzUydDRhbUQxSzBFZEp2VVNQVC9iTHdya3IzYklSL0gwdlUvRVlFSkpjSTJyVnFRRmJDTHBpdEFxTXlRMS9idTVMUT09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * GYQe3C36

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\HzDcZ0_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .BbBdCeeaAd You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTk0Ni0zKzR4d2Ixc2FnNm5Sb1k0QlYzNE55a2JHS0dNaGhMVGtUUzl0SWkySmxtWTY2cENESmdPZVlrMEd6Vm8xRHVLY01lcFZISy8xZW1ndlhzTm5LeURpNXhlTlRwMk5wNWRrd2JUbjZFN0dqTmlGUFVlMW0vS0wxdzAxK2JaVTNOdlJQQUFFRFgvc042ODl0cEdQaHRLeFU1RkxNNmYvTitaN05lY2JDdHhic3J6bGs1SGpkMGtDVkxaN3ozSTVsVGJLL1pOdXZsL0JacEJIR2NjLzdTZ3JWSitrOFp4QVN1WUt0cC9ZbWIvdHNWcWNVM1htZ3A2RVRzdEVzeWg1WExSYzFqVUQ0V3FHMktnRHJ2aUFnMTZvNGxmL09kQTA5anpNOC9YblNIbXdoaUdPem5ZWkt5ZjdIZXRBc2NhM0VFLzRGMXNkYVltQlNKL1ZYZU0wQ2hoeWQrRTVFdEI4ZjZPMlh3bDFWaWIrOG4xVkp3M1lGU0tPN3lHZ2lGZEV1UTNCaFVNMDRoMEdSK0ZjNkNKT0hVVEdTeXRUOU51RU9WUVJ3dkZRdmdRZElBVFZIUk4yRTdzUTJpVzBCVHBCVUYzSldRUTJuYWc5TjJWc0k0TnZEV3pTNVkyeGFNamNlMElaZGVGUVBYL0FwRmtCUEhGcis0MENhb0llak54SVFwcVJsTEJqWFBvUkNYMTRUNS90V3FiNE5tRmJLbFRDOGRERFZxSVhTTU5tejFvR1hRMlFoZ0tsZ3NGWXY2eThqZ2R1cXYxdXo2a3dzVUVMVmRVeHhWQlgrdUFMa1BJenZEVC9rWkswZDdrcXpkTllLdFZtZURKaGNlRG52ODBtV3M0cVV2cVhaVWVXOGRlSS8wZmwzTnMxRnRwcEJwNlpkVWxXT01PdHhvNFQ4Wlh4Z0dXVkZ1V0xNMHM1d1BacEFZdHJIb2FiQmF0UDhqeW9EaWdwcDUzSW4yQVJHL2E2ellpb3ZhTitZcE1xYW5wOGIyU2o0K1RVS2ZCYmk4bUhodDlzUEhlS1VxMDlTaWlMSnZiYkdMM2srcWJaZkY2TFp6c0U0M0lZMzhObHllZkxHeDVyNFVNdmJkQkRMQWRiRk85TjMzUXovbHpqVXM4UVZva1laNTV0ZEJ2TUM1bTJURm1vU0NkaFhGM1RQVEVBd3VCNDdpQWszbCs1cEVmZ3h5ekV2UXZnS1VDbllrSXNRY0MvMjdFYnE2d2RwREhQR2VlTHN1MkZoSWR5blZJUHFBT0JYWXRiMXdOYURHVC9yMm9qcXljR1dQT0JJSTY2UVlWbCtoYVZXMTFCOUNWanhQTmVvRXFrM01FMk9uSlNHbUNib0VjaGZTKzZtWUJ5TTFCdHBjWGRoY1BYOGhlYmVVd09FT0pUNjh5UjBtV1Rkc011MmxQamRGZ1ZmT3JqVVVhY08yanNkZGhjc2Rldm1POWF5MkFXeHhlVjRIN0o2RVRLSklQSDB0c1JUV1ZKUTJVQm5mVWZibktnOVo0bTNiaG9SWWF0bXhkYUVRZStjV0d6dWVsb2llYVliVWVtZ3ZBNHQzdkJacjR3dzZYMllYWmNkU1pJbDNkQjVSN1loZ2JjT1R5SHhBb08ybGFhbXZWTXc5Y3FQamMxQWFnREJ6VUtRMmJweFE5cGFiNDZMMWR3OWxLRkttWTY0YWpESjlJT2Y3MlExRy9jQmZyQVZPQU1ZMHdDa01SMXlXZzNrcnN2UTV0VndJT08xSkVWaWNWdmdkZ1doSXlVVzBFVUhtSE9QbzRhUUQrVUtBd1ZMQ1JmNVZDUWlMME1GUkFlTDRCa01kUElkV2JjaUI4NnRENmI4S1FKRWxwWEFRV1F2V1RuY1hWN3RxYWFVaVpQdGk1eFdVZzhBdm9McFA1VzkySG5PZDNXV2ViOW1rVUc4QzFCUTd4VDRSQ1dhWk1ZZnE1MGo1Zk03K2JpTXBMYlBxMjhKWldyM2RudUxuWktYYjdhcWdqMUtVNGl1bTExOTk2R1pOQW1Ma2RVVURYWjZYMDViazZvK0JScDM3L2RiWjlkZHhLT3JWaWtPVXhFQ3hWRVgyLzUydDRhbUQxSzBFZEp2VVNQVC9iTHdya3IzYklSL0gwdlUvRVlFSkpjSTJyVnFRRmJDTHBpdEFxTXlRMS9idTVMUT09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * cgY1NOMQ0hb

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Targets

- Target
  
  46a8c1e768f632d69d06bfbd93932d102965c9e3f7c37d4a92e30aaeca905675.exe
- Size
  
  775KB
- MD5
  
  c19084114c85192dacfed89a92da6837
- SHA1
  
  a1d6461e833813ccfb77a6929de43ab5383dbb98
- SHA256
  
  46a8c1e768f632d69d06bfbd93932d102965c9e3f7c37d4a92e30aaeca905675
- SHA512
  
  cbcc47dfd2f1e1a15b93ff2df067ebce74a3623b5b5fa1162b9076d25175ea0f3f687c24b5051e7de753697b2a860595cf15351168f999e447ee5d0bc70cc11e
- SSDEEP
  
  24576:+CsD9+OXLpMePfI8TgmBTCDqEbOpPtpFafxfq:YcOXLpMePfzVTCD7gPtLapfq
Score

10^/10

avaddon evasion ransomware trojan
- Avaddon
  Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
  ransomware avaddon
- Avaddon payload
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (209) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2