avaddon | 4fe6e2ac319397f53a6ea46e77cde425187df6fca2f0f630fc0f5d6eb0901ae1 | Triage

Submit
Reports

Overview

overview

Static

static

3

48689c986e...2c.exe

windows7-x64

48689c986e...2c.exe

windows10-2004-x64

Sharing

General

Target

4fe6e2ac319397f53a6ea46e77cde425187df6fca2f0f630fc0f5d6eb0901ae1
Size

570KB
Sample

240417-qgk85aad7w
MD5

81c96278fb83c436d0fd8aaae5db5ee6
SHA1

93081fa2fc13d69480426d9c38921c78a3edc35c
SHA256

4fe6e2ac319397f53a6ea46e77cde425187df6fca2f0f630fc0f5d6eb0901ae1
SHA512

c8b561135677b5942f16f01d608b2e7ee3a8eaeac19b1fe752120567789689097cd2243226ec5331b0a830fe9ed4b6e2575341b7d368a6b9759e485d93bf175e
SSDEEP

12288:9mL2/mMj8gMDnzorOwLWeWXt8yLXFrdTFq6Of1+X952n:9m0mMj4jzoCwnuxTg1M2n

Score

10^/10

avaddon evasion ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe

Resource

win7-20240215-en

avaddon evasion ransomware trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe

Resource

win10v2004-20240412-en

avaddon evasion ransomware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe
- Size
  
  645KB
- MD5
  
  79cdf459683c39e9704a37a6be9bc877
- SHA1
  
  450d4f351c3dd168e313b309da4bd8a817453d1d
- SHA256
  
  48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c
- SHA512
  
  2cc3f164e92650c4d4aed7012da7d303d24cdc63565ed744a28cb6d59465189233a128a01f4b807aa972057e0d0d98742c5ca9b41a67bf59f0f115de30eb6bd4
- SSDEEP
  
  12288:Ya8gND5n7gG2WERaCyDVbdlSQLeYBgdAULx9mutZo5B:YgNDBg3JRaCyDVplSUBgrHtZor
Score

10^/10

avaddon evasion ransomware trojan
- Avaddon
  Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
  ransomware avaddon
- Avaddon payload
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (165) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Indicator Removal

File Deletion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

avaddonevasionransomwaretrojan

behavioral2

avaddonevasionransomwaretrojan

© 2018-2024

Terms | Privacy