General
-
Target
89540f4bb2f7839aef430ee07f307f418c8bd7b24127cd500575980004ceb642
-
Size
329KB
-
Sample
240417-qw18wsbd9v
-
MD5
efef7eb654cf974c3b269566f7aaefc4
-
SHA1
38c0b0cb5b610b4e747991310adb3995484dc72a
-
SHA256
89540f4bb2f7839aef430ee07f307f418c8bd7b24127cd500575980004ceb642
-
SHA512
413985659776265a8950e4133d23cb82eea17096eb229c15c405d09c2b0f22811043f234341bd897156d73dc361d913a7a83533750c16177fd3b76915034bae8
-
SSDEEP
6144:/LVLMlkw2xwWSWrhmZtijRc/jVlW8oiSkdlKH3QtAU8uaGqyCpu0BgBcHb+H:/BLvwWnrkARcrV9OXzU8uaG03OaY
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\Desktop\mDyqF_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .bACDCCaBbA
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTk0Ni1KaW1rQ0w0WE5JeE82ajZrMkVwMHJCME44cVhYNmhuRHRvcGNBUlRkT0RjZGVaZnNlbU1vTHMvQkp6bDJyQjRLTzhFVWRkVS80a0VIQTJ1N3h0aEpXOEYvOUpWY2dvUG9MMnNCWmZUVEt5eG5IT3ZwaS9GOVRZcnYwclRndHpCeHVRUHBJU0l2Yk9IY3RVdmxMZkV6ZUxxSGxuVHRMQUpGbHIwb2hYQVB1SjZva0pEdHVWTTFaZ051aTFUdlR1dXdybWRSY3kxUlowNnM5Y3FPemE0eCtiWDZJNXI3d3U1YWlZdWxacEhOejZXTXVGYkNtdkxXOGY1eW16ODBad3FLL0tBUXRZdUhORnVTZldGdzl6QW5ycFFDeHpOaWs3SVA4TVFHSyt4RkZsYWpZYzNRZURlRURocS80dTdOZHgyTFg2SmlyajVVNHBrenI2VHFpU2Jnd3VvdDN4bEQySjd6bFpXdkp0SFllbkRnZkMyUWlJOTJ3dWZ6b1pUSzZXL05UTnAzTGE3RmUvcThmL0Q2czZjYVE1U05GOVZGdEhBMElRMUFhL2h5MmttRVZCeDZxNk1zN0tsSmdCaDZGMUtIa09uMU9hTlZJQUc0VWZ4UEVCYVdIOENQcnFDRE9iK0VTU0FBd0xJNkdRRzduZW9lZWVXVDNCNllMVmczSFc1c1BrR3B4UmlLeC9leW9Na3Vib1haVEdHVnRjUHFFeStOeUhKeUdTcGtNeStzSGNrb1VnVURDTFEwVHV5MTljTmpQYjdDMmpxQkl6dTlGRVdTeEZUTUJONHlja0hyRUxRWkhxMlVLZWxWeUZVTC9DclltVnZyUDlJN3hlN0J2SmVYRDRwTXo1R2Jya2pzR29tcFhiQnZzUUx4bTV5ZFIzQ1N2SGsvd1NYWHVRS2lFS3Rxeitwc0ZVekpYU2p5MWRhRTBwYjM2a3A1dXhUb1hmUlE3RG4yYjUvSEkvMEtNeVA5SEN3Sjl4a3d3ZElBaEZva0hxTHRNWjQwZi91V3NFRnhUMlFIdk1XREtnbVMxRTc2emtsUUh0V1kwYzFlUzcrV0I5SGtuemFYU1pXbktHQUFBcVB6QWZETFlMTlNVYTlTVE9vZ2xMNTVHZDRNR2xVZE8rNzZEMlI3S3RweFAwcHFybDJVakhobGdFV0hyQmpSTi9YOEpiL0sxL09oQ284Y0lLQkpGaVBDNEdwN2hveHIzdVl1K1ArVGg5OVdraFZvNDlWR0dKcU9SZFNvVWZsRXVCMG9sbS9rVVluQUxZV0pHM1orbmh6SWYybWVheFhtckZ5dzNFQXduSmpPTkoyV0IvQjVsNm1xMURVY3NTYTNIN3lQbnRXSmszTGY5d2I3SmtZV1RTVFMwdzhlbEpFUHNqOEdSSG5jelF6aWp2VS83TzlvMlBpMG1FVll6WWx4eVh2b1lVcE90anN2VE5abmtBckFLdVE3Yk1TSm9EMGRnTXZwMGtJNDhNTDlTWFQvQ0JxRTBJRDdEL3VOamcwZFUrVExrV2gxaTFha1MycVk1aG0xS2lDVUJYSDZVSXZiMzZldjREVExuQmRPOFF0ZWZXSXNNYjRucGNjRUVuNnBGU0JmZ1gwRXN0aXhOYjRKWEljRDJNbWdCT0pGcTJlNWk3YkR3OTFGdE1Nb1ZXanpwSmo2T1N0cnRWck1PdXhhV0R2TWM1QXd0RUgzeHM3WlBMMU5RbGFGNURUSmc1NDN5elA3WThHeDZMSlpBZzJlUnZ4d09TRGdtMy94RXVZNjZwM0hoRGVwRFNJLytBMXg0dmdhMnZHaVpBbmZsR05zQ2JzRVhCWnVOMkJEeHMxYUdSRW9CMXMzbjRSWWJKT1Mvem04WWVETWV6THZqMmw4WmE3bXdJZGMzbHEzYzkvcUd1bXpNUkNUY3BnU0N3ckd2anduUEJGUUNQSWdDVDllU3cvUC8yQmUwRTRHbXJneTVQd0tWS0hEYlgra01YWkQ1K1loTmw2SE9hSzRKY0NCODZ4cXllSGxCUWpXMnRaZWdEcU8zR2kvMUJ1MzZSeld1NzlvczZDL1phNElRZEJvT2I5SC8rZXc2Wm0zOXE3S2hFdGxVWTlQV2dSb280U3NLS05ZSUlGaHp1U1lJMXBkRGVOMmlJZ09EZjdIcUpCUlg5Q3l0Zz09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
cp
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Downloads\mDyqF_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .bACDCCaBbA
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTk0Ni1KaW1rQ0w0WE5JeE82ajZrMkVwMHJCME44cVhYNmhuRHRvcGNBUlRkT0RjZGVaZnNlbU1vTHMvQkp6bDJyQjRLTzhFVWRkVS80a0VIQTJ1N3h0aEpXOEYvOUpWY2dvUG9MMnNCWmZUVEt5eG5IT3ZwaS9GOVRZcnYwclRndHpCeHVRUHBJU0l2Yk9IY3RVdmxMZkV6ZUxxSGxuVHRMQUpGbHIwb2hYQVB1SjZva0pEdHVWTTFaZ051aTFUdlR1dXdybWRSY3kxUlowNnM5Y3FPemE0eCtiWDZJNXI3d3U1YWlZdWxacEhOejZXTXVGYkNtdkxXOGY1eW16ODBad3FLL0tBUXRZdUhORnVTZldGdzl6QW5ycFFDeHpOaWs3SVA4TVFHSyt4RkZsYWpZYzNRZURlRURocS80dTdOZHgyTFg2SmlyajVVNHBrenI2VHFpU2Jnd3VvdDN4bEQySjd6bFpXdkp0SFllbkRnZkMyUWlJOTJ3dWZ6b1pUSzZXL05UTnAzTGE3RmUvcThmL0Q2czZjYVE1U05GOVZGdEhBMElRMUFhL2h5MmttRVZCeDZxNk1zN0tsSmdCaDZGMUtIa09uMU9hTlZJQUc0VWZ4UEVCYVdIOENQcnFDRE9iK0VTU0FBd0xJNkdRRzduZW9lZWVXVDNCNllMVmczSFc1c1BrR3B4UmlLeC9leW9Na3Vib1haVEdHVnRjUHFFeStOeUhKeUdTcGtNeStzSGNrb1VnVURDTFEwVHV5MTljTmpQYjdDMmpxQkl6dTlGRVdTeEZUTUJONHlja0hyRUxRWkhxMlVLZWxWeUZVTC9DclltVnZyUDlJN3hlN0J2SmVYRDRwTXo1R2Jya2pzR29tcFhiQnZzUUx4bTV5ZFIzQ1N2SGsvd1NYWHVRS2lFS3Rxeitwc0ZVekpYU2p5MWRhRTBwYjM2a3A1dXhUb1hmUlE3RG4yYjUvSEkvMEtNeVA5SEN3Sjl4a3d3ZElBaEZva0hxTHRNWjQwZi91V3NFRnhUMlFIdk1XREtnbVMxRTc2emtsUUh0V1kwYzFlUzcrV0I5SGtuemFYU1pXbktHQUFBcVB6QWZETFlMTlNVYTlTVE9vZ2xMNTVHZDRNR2xVZE8rNzZEMlI3S3RweFAwcHFybDJVakhobGdFV0hyQmpSTi9YOEpiL0sxL09oQ284Y0lLQkpGaVBDNEdwN2hveHIzdVl1K1ArVGg5OVdraFZvNDlWR0dKcU9SZFNvVWZsRXVCMG9sbS9rVVluQUxZV0pHM1orbmh6SWYybWVheFhtckZ5dzNFQXduSmpPTkoyV0IvQjVsNm1xMURVY3NTYTNIN3lQbnRXSmszTGY5d2I3SmtZV1RTVFMwdzhlbEpFUHNqOEdSSG5jelF6aWp2VS83TzlvMlBpMG1FVll6WWx4eVh2b1lVcE90anN2VE5abmtBckFLdVE3Yk1TSm9EMGRnTXZwMGtJNDhNTDlTWFQvQ0JxRTBJRDdEL3VOamcwZFUrVExrV2gxaTFha1MycVk1aG0xS2lDVUJYSDZVSXZiMzZldjREVExuQmRPOFF0ZWZXSXNNYjRucGNjRUVuNnBGU0JmZ1gwRXN0aXhOYjRKWEljRDJNbWdCT0pGcTJlNWk3YkR3OTFGdE1Nb1ZXanpwSmo2T1N0cnRWck1PdXhhV0R2TWM1QXd0RUgzeHM3WlBMMU5RbGFGNURUSmc1NDN5elA3WThHeDZMSlpBZzJlUnZ4d09TRGdtMy94RXVZNjZwM0hoRGVwRFNJLytBMXg0dmdhMnZHaVpBbmZsR05zQ2JzRVhCWnVOMkJEeHMxYUdSRW9CMXMzbjRSWWJKT1Mvem04WWVETWV6THZqMmw4WmE3bXdJZGMzbHEzYzkvcUd1bXpNUkNUY3BnU0N3ckd2anduUEJGUUNQSWdDVDllU3cvUC8yQmUwRTRHbXJneTVQd0tWS0hEYlgra01YWkQ1K1loTmw2SE9hSzRKY0NCODZ4cXllSGxCUWpXMnRaZWdEcU8zR2kvMUJ1MzZSeld1NzlvczZDL1phNElRZEJvT2I5SC8rZXc2Wm0zOXE3S2hFdGxVWTlQV2dSb280U3NLS05ZSUlGaHp1U1lJMXBkRGVOMmlJZ09EZjdIcUpCUlg5Q3l0Zz09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
zxB4u
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Desktop\iTPlwH0_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .bBeecbbBE
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTk0Ni1SUzlIRzJBaDRrOEpDMkppQys4ejNVb2N6bjUxSWhzMnJqYXRsdUx5YkhFeHlRYldUS0JmOWxsQ05wYlJVdndSNUVzMC9HSjFiNDZnMEt3TUhmNVVjcyt0V0NCbmR2V1craVVCTmFmSVA5YWJ3eTc4T0xKVWt3R2VxSkw5QUxLT3JkZEI5ZDdKV1Q2Wk9nS3ZwVkljK1dtYnBEMzNYaXp2a0QvUjZ1MTJhZ05JSndEcmhWMW9NOElhUUxmYWFuelAzcWQwcTFIMGo3S1B4VTVTNWUwOTRFbDZ6aEJ0VThBc1Q5Y3ZXNFpZUjRKNStpOHlUOXZJbWxWcEdldzdhNnVIYjV1NHdFeTFBZmxNbDFNY0ZFQlAwVE1OREpXNitJbFk2S3lwbnlYMU5jdUdBbVlxQThuWkVSbnlvOFpJcVZNeWNXVVRQeHZJb05kdlNSdDVsNE40eEtJL3hFYnNuUVhibk11UHVUb3dnSkFFSGwxNVlVUTNOWXlIMUYrckExQ2FBc1RiMCtxMlNmYU42RUZFYXdML2pKZ3A1V2p5RWFOdERRcEtIVDBhVGs2TTYxU2wxSXMzVStUbU9QOURvQzdGNC9NRnNoRXNnblJTcUh3QlVvRVdMWCtYSkw1SHF6bitiMmlIbUdnaVVHd0hGMzhRbjJhTTJMbGU1VG9nbGpCc0g0TG9QUFhoQ1J0VWpUVDhMOEN3RDdmMThCMFpuWGJKTnhkeHNJTURWaldGck9sNkQxYUNUZzRkZzZoMkRmbmhuSWUyRHVjdDhLeDdDYm95TzFnWHNxQ2FNUHBMSlRwOE4rbVlnNllVcFFwKy8yaUR6QzIvL3hQL1Y1TVE3VDIrTHVFeXRaV29NR0FPOWFOTDlQbVZ6ckNNallOVjFPNHR1WWlMaHIwRjJsVGhZdVFoVEtLaWFZZVlOQytYYVE0N2wzdndMUnI3eWdRVDN6TEdSOEJicnB2ME1VclZKbTdOdDNyQXZRUllpbCt4dEJtUFB0VlpNMnpWTlJkellMZ2ZDSjJ3Ky9GbUxaTnQ0d2RvZ01GYUMzQ2p6ZEd5U2lwdUlQVzJIb3ZKUlBJUEYvaHAvRFRVUEJwOXhLOTRkdXJkcU04dGVMdzRsMFMyRk92YnBDZ2hZNURWNDBSeHJ2bEllb05sVTM4TnNsOVFWNkpaeUlsOVBsZnN6UENPb1ZValpUenZLUlNGam5HODhZY2xPaVdCVXZaTVY4dk50d3ZsNVMzdFZGcFFDT0I0YUlZN00rTmh5Rjh5U3ZhUWliMWtBOFYvTFFMbWZudVd5VmhoYzBzT3pBeEJJaktkdkVVbmJiMHA2RStDcllzWVF2YUFndU5YaFVaeFYwWmt0ckd3WTZWRUlHNHlKY3RodU50eFdsVklTWUJRSXB0eDFVUHNHQWdBcTNJRkx1b3pMNUNKcDIzTHc2anZjRCtvdTNqWVMza3ZIeVdRNEJkNGU4em9NeFpBV2ZNVjRTM1c3cFhJUnp0Wjc1QUl2K1ZUUzlLSlI5YUEzSzc4SUlkT2RpRXRjOS9FcTZJNWd2dkcvVVNQOXJ6V1dhLzlweEk5UE16WU5GTFdNVEpreGF1eXVrQ2lyZkY5YVdqbm9BdGdsdElhQ0lUSnhDZC80MUZvLytTLzFVTkttZHBWcXdpVHNFSmFBa1dnRGpxTjdwYlZtRStqc2RVelczMnpVd084VThQZElnZjdNOXRmWm5JaEY4Z2VTYWgrNm1neFcvM21tTytveFBBdWtpUEJyaWsrWDVaY2VKTEZ1SndkY1JWUGE4U3Q5ajJlSUowMHpHekpDNzlDNkltMmpXb0ZlUnVHOXQ2RUE0YllicjNYc2srRUxpdGlMUWkrajlPajQrUmRLdUR2Rm9GSDlwUUlBck9LQWJMSGcrWnV3d1FnY3RkVExHbGd3b25la0xwcFZtelY5RDdzb2dzWXg1K0NldW1ZeVJZTC84Y21WeXFwZnhtd1B6dE52bHpMQlZiNmo4bVM0TDU4UjAvWGJzUXZkSmhzaFJqb3BSODVva2NkSUxtYnQ5WmNkTDdrdVZFQkFpY2ZENUJWank4QStQcXh4ZUhsRFlPS3ZwdVp6eERWbURZYXpxQlA2bHFkYWlDMVRTR1ltVGZweDROWUIyWVp2RnN4anRRUk1RZ0p0Zz09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
bvJFZAh
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Documents\iTPlwH0_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .bBeecbbBE
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTk0Ni1SUzlIRzJBaDRrOEpDMkppQys4ejNVb2N6bjUxSWhzMnJqYXRsdUx5YkhFeHlRYldUS0JmOWxsQ05wYlJVdndSNUVzMC9HSjFiNDZnMEt3TUhmNVVjcyt0V0NCbmR2V1craVVCTmFmSVA5YWJ3eTc4T0xKVWt3R2VxSkw5QUxLT3JkZEI5ZDdKV1Q2Wk9nS3ZwVkljK1dtYnBEMzNYaXp2a0QvUjZ1MTJhZ05JSndEcmhWMW9NOElhUUxmYWFuelAzcWQwcTFIMGo3S1B4VTVTNWUwOTRFbDZ6aEJ0VThBc1Q5Y3ZXNFpZUjRKNStpOHlUOXZJbWxWcEdldzdhNnVIYjV1NHdFeTFBZmxNbDFNY0ZFQlAwVE1OREpXNitJbFk2S3lwbnlYMU5jdUdBbVlxQThuWkVSbnlvOFpJcVZNeWNXVVRQeHZJb05kdlNSdDVsNE40eEtJL3hFYnNuUVhibk11UHVUb3dnSkFFSGwxNVlVUTNOWXlIMUYrckExQ2FBc1RiMCtxMlNmYU42RUZFYXdML2pKZ3A1V2p5RWFOdERRcEtIVDBhVGs2TTYxU2wxSXMzVStUbU9QOURvQzdGNC9NRnNoRXNnblJTcUh3QlVvRVdMWCtYSkw1SHF6bitiMmlIbUdnaVVHd0hGMzhRbjJhTTJMbGU1VG9nbGpCc0g0TG9QUFhoQ1J0VWpUVDhMOEN3RDdmMThCMFpuWGJKTnhkeHNJTURWaldGck9sNkQxYUNUZzRkZzZoMkRmbmhuSWUyRHVjdDhLeDdDYm95TzFnWHNxQ2FNUHBMSlRwOE4rbVlnNllVcFFwKy8yaUR6QzIvL3hQL1Y1TVE3VDIrTHVFeXRaV29NR0FPOWFOTDlQbVZ6ckNNallOVjFPNHR1WWlMaHIwRjJsVGhZdVFoVEtLaWFZZVlOQytYYVE0N2wzdndMUnI3eWdRVDN6TEdSOEJicnB2ME1VclZKbTdOdDNyQXZRUllpbCt4dEJtUFB0VlpNMnpWTlJkellMZ2ZDSjJ3Ky9GbUxaTnQ0d2RvZ01GYUMzQ2p6ZEd5U2lwdUlQVzJIb3ZKUlBJUEYvaHAvRFRVUEJwOXhLOTRkdXJkcU04dGVMdzRsMFMyRk92YnBDZ2hZNURWNDBSeHJ2bEllb05sVTM4TnNsOVFWNkpaeUlsOVBsZnN6UENPb1ZValpUenZLUlNGam5HODhZY2xPaVdCVXZaTVY4dk50d3ZsNVMzdFZGcFFDT0I0YUlZN00rTmh5Rjh5U3ZhUWliMWtBOFYvTFFMbWZudVd5VmhoYzBzT3pBeEJJaktkdkVVbmJiMHA2RStDcllzWVF2YUFndU5YaFVaeFYwWmt0ckd3WTZWRUlHNHlKY3RodU50eFdsVklTWUJRSXB0eDFVUHNHQWdBcTNJRkx1b3pMNUNKcDIzTHc2anZjRCtvdTNqWVMza3ZIeVdRNEJkNGU4em9NeFpBV2ZNVjRTM1c3cFhJUnp0Wjc1QUl2K1ZUUzlLSlI5YUEzSzc4SUlkT2RpRXRjOS9FcTZJNWd2dkcvVVNQOXJ6V1dhLzlweEk5UE16WU5GTFdNVEpreGF1eXVrQ2lyZkY5YVdqbm9BdGdsdElhQ0lUSnhDZC80MUZvLytTLzFVTkttZHBWcXdpVHNFSmFBa1dnRGpxTjdwYlZtRStqc2RVelczMnpVd084VThQZElnZjdNOXRmWm5JaEY4Z2VTYWgrNm1neFcvM21tTytveFBBdWtpUEJyaWsrWDVaY2VKTEZ1SndkY1JWUGE4U3Q5ajJlSUowMHpHekpDNzlDNkltMmpXb0ZlUnVHOXQ2RUE0YllicjNYc2srRUxpdGlMUWkrajlPajQrUmRLdUR2Rm9GSDlwUUlBck9LQWJMSGcrWnV3d1FnY3RkVExHbGd3b25la0xwcFZtelY5RDdzb2dzWXg1K0NldW1ZeVJZTC84Y21WeXFwZnhtd1B6dE52bHpMQlZiNmo4bVM0TDU4UjAvWGJzUXZkSmhzaFJqb3BSODVva2NkSUxtYnQ5WmNkTDdrdVZFQkFpY2ZENUJWank4QStQcXh4ZUhsRFlPS3ZwdVp6eERWbURZYXpxQlA2bHFkYWlDMVRTR1ltVGZweDROWUIyWVp2RnN4anRRUk1RZ0p0Zz09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
xXvcuMTIwD
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Downloads\iTPlwH0_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .bBeecbbBE
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTk0Ni1SUzlIRzJBaDRrOEpDMkppQys4ejNVb2N6bjUxSWhzMnJqYXRsdUx5YkhFeHlRYldUS0JmOWxsQ05wYlJVdndSNUVzMC9HSjFiNDZnMEt3TUhmNVVjcyt0V0NCbmR2V1craVVCTmFmSVA5YWJ3eTc4T0xKVWt3R2VxSkw5QUxLT3JkZEI5ZDdKV1Q2Wk9nS3ZwVkljK1dtYnBEMzNYaXp2a0QvUjZ1MTJhZ05JSndEcmhWMW9NOElhUUxmYWFuelAzcWQwcTFIMGo3S1B4VTVTNWUwOTRFbDZ6aEJ0VThBc1Q5Y3ZXNFpZUjRKNStpOHlUOXZJbWxWcEdldzdhNnVIYjV1NHdFeTFBZmxNbDFNY0ZFQlAwVE1OREpXNitJbFk2S3lwbnlYMU5jdUdBbVlxQThuWkVSbnlvOFpJcVZNeWNXVVRQeHZJb05kdlNSdDVsNE40eEtJL3hFYnNuUVhibk11UHVUb3dnSkFFSGwxNVlVUTNOWXlIMUYrckExQ2FBc1RiMCtxMlNmYU42RUZFYXdML2pKZ3A1V2p5RWFOdERRcEtIVDBhVGs2TTYxU2wxSXMzVStUbU9QOURvQzdGNC9NRnNoRXNnblJTcUh3QlVvRVdMWCtYSkw1SHF6bitiMmlIbUdnaVVHd0hGMzhRbjJhTTJMbGU1VG9nbGpCc0g0TG9QUFhoQ1J0VWpUVDhMOEN3RDdmMThCMFpuWGJKTnhkeHNJTURWaldGck9sNkQxYUNUZzRkZzZoMkRmbmhuSWUyRHVjdDhLeDdDYm95TzFnWHNxQ2FNUHBMSlRwOE4rbVlnNllVcFFwKy8yaUR6QzIvL3hQL1Y1TVE3VDIrTHVFeXRaV29NR0FPOWFOTDlQbVZ6ckNNallOVjFPNHR1WWlMaHIwRjJsVGhZdVFoVEtLaWFZZVlOQytYYVE0N2wzdndMUnI3eWdRVDN6TEdSOEJicnB2ME1VclZKbTdOdDNyQXZRUllpbCt4dEJtUFB0VlpNMnpWTlJkellMZ2ZDSjJ3Ky9GbUxaTnQ0d2RvZ01GYUMzQ2p6ZEd5U2lwdUlQVzJIb3ZKUlBJUEYvaHAvRFRVUEJwOXhLOTRkdXJkcU04dGVMdzRsMFMyRk92YnBDZ2hZNURWNDBSeHJ2bEllb05sVTM4TnNsOVFWNkpaeUlsOVBsZnN6UENPb1ZValpUenZLUlNGam5HODhZY2xPaVdCVXZaTVY4dk50d3ZsNVMzdFZGcFFDT0I0YUlZN00rTmh5Rjh5U3ZhUWliMWtBOFYvTFFMbWZudVd5VmhoYzBzT3pBeEJJaktkdkVVbmJiMHA2RStDcllzWVF2YUFndU5YaFVaeFYwWmt0ckd3WTZWRUlHNHlKY3RodU50eFdsVklTWUJRSXB0eDFVUHNHQWdBcTNJRkx1b3pMNUNKcDIzTHc2anZjRCtvdTNqWVMza3ZIeVdRNEJkNGU4em9NeFpBV2ZNVjRTM1c3cFhJUnp0Wjc1QUl2K1ZUUzlLSlI5YUEzSzc4SUlkT2RpRXRjOS9FcTZJNWd2dkcvVVNQOXJ6V1dhLzlweEk5UE16WU5GTFdNVEpreGF1eXVrQ2lyZkY5YVdqbm9BdGdsdElhQ0lUSnhDZC80MUZvLytTLzFVTkttZHBWcXdpVHNFSmFBa1dnRGpxTjdwYlZtRStqc2RVelczMnpVd084VThQZElnZjdNOXRmWm5JaEY4Z2VTYWgrNm1neFcvM21tTytveFBBdWtpUEJyaWsrWDVaY2VKTEZ1SndkY1JWUGE4U3Q5ajJlSUowMHpHekpDNzlDNkltMmpXb0ZlUnVHOXQ2RUE0YllicjNYc2srRUxpdGlMUWkrajlPajQrUmRLdUR2Rm9GSDlwUUlBck9LQWJMSGcrWnV3d1FnY3RkVExHbGd3b25la0xwcFZtelY5RDdzb2dzWXg1K0NldW1ZeVJZTC84Y21WeXFwZnhtd1B6dE52bHpMQlZiNmo4bVM0TDU4UjAvWGJzUXZkSmhzaFJqb3BSODVva2NkSUxtYnQ5WmNkTDdrdVZFQkFpY2ZENUJWank4QStQcXh4ZUhsRFlPS3ZwdVp6eERWbURZYXpxQlA2bHFkYWlDMVRTR1ltVGZweDROWUIyWVp2RnN4anRRUk1RZ0p0Zz09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
KfWSiZGbmpPoP
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Downloads\iTPlwH0_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .bBeecbbBE
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTk0Ni1SUzlIRzJBaDRrOEpDMkppQys4ejNVb2N6bjUxSWhzMnJqYXRsdUx5YkhFeHlRYldUS0JmOWxsQ05wYlJVdndSNUVzMC9HSjFiNDZnMEt3TUhmNVVjcyt0V0NCbmR2V1craVVCTmFmSVA5YWJ3eTc4T0xKVWt3R2VxSkw5QUxLT3JkZEI5ZDdKV1Q2Wk9nS3ZwVkljK1dtYnBEMzNYaXp2a0QvUjZ1MTJhZ05JSndEcmhWMW9NOElhUUxmYWFuelAzcWQwcTFIMGo3S1B4VTVTNWUwOTRFbDZ6aEJ0VThBc1Q5Y3ZXNFpZUjRKNStpOHlUOXZJbWxWcEdldzdhNnVIYjV1NHdFeTFBZmxNbDFNY0ZFQlAwVE1OREpXNitJbFk2S3lwbnlYMU5jdUdBbVlxQThuWkVSbnlvOFpJcVZNeWNXVVRQeHZJb05kdlNSdDVsNE40eEtJL3hFYnNuUVhibk11UHVUb3dnSkFFSGwxNVlVUTNOWXlIMUYrckExQ2FBc1RiMCtxMlNmYU42RUZFYXdML2pKZ3A1V2p5RWFOdERRcEtIVDBhVGs2TTYxU2wxSXMzVStUbU9QOURvQzdGNC9NRnNoRXNnblJTcUh3QlVvRVdMWCtYSkw1SHF6bitiMmlIbUdnaVVHd0hGMzhRbjJhTTJMbGU1VG9nbGpCc0g0TG9QUFhoQ1J0VWpUVDhMOEN3RDdmMThCMFpuWGJKTnhkeHNJTURWaldGck9sNkQxYUNUZzRkZzZoMkRmbmhuSWUyRHVjdDhLeDdDYm95TzFnWHNxQ2FNUHBMSlRwOE4rbVlnNllVcFFwKy8yaUR6QzIvL3hQL1Y1TVE3VDIrTHVFeXRaV29NR0FPOWFOTDlQbVZ6ckNNallOVjFPNHR1WWlMaHIwRjJsVGhZdVFoVEtLaWFZZVlOQytYYVE0N2wzdndMUnI3eWdRVDN6TEdSOEJicnB2ME1VclZKbTdOdDNyQXZRUllpbCt4dEJtUFB0VlpNMnpWTlJkellMZ2ZDSjJ3Ky9GbUxaTnQ0d2RvZ01GYUMzQ2p6ZEd5U2lwdUlQVzJIb3ZKUlBJUEYvaHAvRFRVUEJwOXhLOTRkdXJkcU04dGVMdzRsMFMyRk92YnBDZ2hZNURWNDBSeHJ2bEllb05sVTM4TnNsOVFWNkpaeUlsOVBsZnN6UENPb1ZValpUenZLUlNGam5HODhZY2xPaVdCVXZaTVY4dk50d3ZsNVMzdFZGcFFDT0I0YUlZN00rTmh5Rjh5U3ZhUWliMWtBOFYvTFFMbWZudVd5VmhoYzBzT3pBeEJJaktkdkVVbmJiMHA2RStDcllzWVF2YUFndU5YaFVaeFYwWmt0ckd3WTZWRUlHNHlKY3RodU50eFdsVklTWUJRSXB0eDFVUHNHQWdBcTNJRkx1b3pMNUNKcDIzTHc2anZjRCtvdTNqWVMza3ZIeVdRNEJkNGU4em9NeFpBV2ZNVjRTM1c3cFhJUnp0Wjc1QUl2K1ZUUzlLSlI5YUEzSzc4SUlkT2RpRXRjOS9FcTZJNWd2dkcvVVNQOXJ6V1dhLzlweEk5UE16WU5GTFdNVEpreGF1eXVrQ2lyZkY5YVdqbm9BdGdsdElhQ0lUSnhDZC80MUZvLytTLzFVTkttZHBWcXdpVHNFSmFBa1dnRGpxTjdwYlZtRStqc2RVelczMnpVd084VThQZElnZjdNOXRmWm5JaEY4Z2VTYWgrNm1neFcvM21tTytveFBBdWtpUEJyaWsrWDVaY2VKTEZ1SndkY1JWUGE4U3Q5ajJlSUowMHpHekpDNzlDNkltMmpXb0ZlUnVHOXQ2RUE0YllicjNYc2srRUxpdGlMUWkrajlPajQrUmRLdUR2Rm9GSDlwUUlBck9LQWJMSGcrWnV3d1FnY3RkVExHbGd3b25la0xwcFZtelY5RDdzb2dzWXg1K0NldW1ZeVJZTC84Y21WeXFwZnhtd1B6dE52bHpMQlZiNmo4bVM0TDU4UjAvWGJzUXZkSmhzaFJqb3BSODVva2NkSUxtYnQ5WmNkTDdrdVZFQkFpY2ZENUJWank4QStQcXh4ZUhsRFlPS3ZwdVp6eERWbURZYXpxQlA2bHFkYWlDMVRTR1ltVGZweDROWUIyWVp2RnN4anRRUk1RZ0p0Zz09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
AH7p3l3PcR7NHntPr
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Pictures\iTPlwH0_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .bBeecbbBE
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTk0Ni1SUzlIRzJBaDRrOEpDMkppQys4ejNVb2N6bjUxSWhzMnJqYXRsdUx5YkhFeHlRYldUS0JmOWxsQ05wYlJVdndSNUVzMC9HSjFiNDZnMEt3TUhmNVVjcyt0V0NCbmR2V1craVVCTmFmSVA5YWJ3eTc4T0xKVWt3R2VxSkw5QUxLT3JkZEI5ZDdKV1Q2Wk9nS3ZwVkljK1dtYnBEMzNYaXp2a0QvUjZ1MTJhZ05JSndEcmhWMW9NOElhUUxmYWFuelAzcWQwcTFIMGo3S1B4VTVTNWUwOTRFbDZ6aEJ0VThBc1Q5Y3ZXNFpZUjRKNStpOHlUOXZJbWxWcEdldzdhNnVIYjV1NHdFeTFBZmxNbDFNY0ZFQlAwVE1OREpXNitJbFk2S3lwbnlYMU5jdUdBbVlxQThuWkVSbnlvOFpJcVZNeWNXVVRQeHZJb05kdlNSdDVsNE40eEtJL3hFYnNuUVhibk11UHVUb3dnSkFFSGwxNVlVUTNOWXlIMUYrckExQ2FBc1RiMCtxMlNmYU42RUZFYXdML2pKZ3A1V2p5RWFOdERRcEtIVDBhVGs2TTYxU2wxSXMzVStUbU9QOURvQzdGNC9NRnNoRXNnblJTcUh3QlVvRVdMWCtYSkw1SHF6bitiMmlIbUdnaVVHd0hGMzhRbjJhTTJMbGU1VG9nbGpCc0g0TG9QUFhoQ1J0VWpUVDhMOEN3RDdmMThCMFpuWGJKTnhkeHNJTURWaldGck9sNkQxYUNUZzRkZzZoMkRmbmhuSWUyRHVjdDhLeDdDYm95TzFnWHNxQ2FNUHBMSlRwOE4rbVlnNllVcFFwKy8yaUR6QzIvL3hQL1Y1TVE3VDIrTHVFeXRaV29NR0FPOWFOTDlQbVZ6ckNNallOVjFPNHR1WWlMaHIwRjJsVGhZdVFoVEtLaWFZZVlOQytYYVE0N2wzdndMUnI3eWdRVDN6TEdSOEJicnB2ME1VclZKbTdOdDNyQXZRUllpbCt4dEJtUFB0VlpNMnpWTlJkellMZ2ZDSjJ3Ky9GbUxaTnQ0d2RvZ01GYUMzQ2p6ZEd5U2lwdUlQVzJIb3ZKUlBJUEYvaHAvRFRVUEJwOXhLOTRkdXJkcU04dGVMdzRsMFMyRk92YnBDZ2hZNURWNDBSeHJ2bEllb05sVTM4TnNsOVFWNkpaeUlsOVBsZnN6UENPb1ZValpUenZLUlNGam5HODhZY2xPaVdCVXZaTVY4dk50d3ZsNVMzdFZGcFFDT0I0YUlZN00rTmh5Rjh5U3ZhUWliMWtBOFYvTFFMbWZudVd5VmhoYzBzT3pBeEJJaktkdkVVbmJiMHA2RStDcllzWVF2YUFndU5YaFVaeFYwWmt0ckd3WTZWRUlHNHlKY3RodU50eFdsVklTWUJRSXB0eDFVUHNHQWdBcTNJRkx1b3pMNUNKcDIzTHc2anZjRCtvdTNqWVMza3ZIeVdRNEJkNGU4em9NeFpBV2ZNVjRTM1c3cFhJUnp0Wjc1QUl2K1ZUUzlLSlI5YUEzSzc4SUlkT2RpRXRjOS9FcTZJNWd2dkcvVVNQOXJ6V1dhLzlweEk5UE16WU5GTFdNVEpreGF1eXVrQ2lyZkY5YVdqbm9BdGdsdElhQ0lUSnhDZC80MUZvLytTLzFVTkttZHBWcXdpVHNFSmFBa1dnRGpxTjdwYlZtRStqc2RVelczMnpVd084VThQZElnZjdNOXRmWm5JaEY4Z2VTYWgrNm1neFcvM21tTytveFBBdWtpUEJyaWsrWDVaY2VKTEZ1SndkY1JWUGE4U3Q5ajJlSUowMHpHekpDNzlDNkltMmpXb0ZlUnVHOXQ2RUE0YllicjNYc2srRUxpdGlMUWkrajlPajQrUmRLdUR2Rm9GSDlwUUlBck9LQWJMSGcrWnV3d1FnY3RkVExHbGd3b25la0xwcFZtelY5RDdzb2dzWXg1K0NldW1ZeVJZTC84Y21WeXFwZnhtd1B6dE52bHpMQlZiNmo4bVM0TDU4UjAvWGJzUXZkSmhzaFJqb3BSODVva2NkSUxtYnQ5WmNkTDdrdVZFQkFpY2ZENUJWank4QStQcXh4ZUhsRFlPS3ZwdVp6eERWbURZYXpxQlA2bHFkYWlDMVRTR1ltVGZweDROWUIyWVp2RnN4anRRUk1RZ0p0Zz09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
XQFBOxqjR4pwdE1R25p6
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Pictures\iTPlwH0_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .bBeecbbBE
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTk0Ni1SUzlIRzJBaDRrOEpDMkppQys4ejNVb2N6bjUxSWhzMnJqYXRsdUx5YkhFeHlRYldUS0JmOWxsQ05wYlJVdndSNUVzMC9HSjFiNDZnMEt3TUhmNVVjcyt0V0NCbmR2V1craVVCTmFmSVA5YWJ3eTc4T0xKVWt3R2VxSkw5QUxLT3JkZEI5ZDdKV1Q2Wk9nS3ZwVkljK1dtYnBEMzNYaXp2a0QvUjZ1MTJhZ05JSndEcmhWMW9NOElhUUxmYWFuelAzcWQwcTFIMGo3S1B4VTVTNWUwOTRFbDZ6aEJ0VThBc1Q5Y3ZXNFpZUjRKNStpOHlUOXZJbWxWcEdldzdhNnVIYjV1NHdFeTFBZmxNbDFNY0ZFQlAwVE1OREpXNitJbFk2S3lwbnlYMU5jdUdBbVlxQThuWkVSbnlvOFpJcVZNeWNXVVRQeHZJb05kdlNSdDVsNE40eEtJL3hFYnNuUVhibk11UHVUb3dnSkFFSGwxNVlVUTNOWXlIMUYrckExQ2FBc1RiMCtxMlNmYU42RUZFYXdML2pKZ3A1V2p5RWFOdERRcEtIVDBhVGs2TTYxU2wxSXMzVStUbU9QOURvQzdGNC9NRnNoRXNnblJTcUh3QlVvRVdMWCtYSkw1SHF6bitiMmlIbUdnaVVHd0hGMzhRbjJhTTJMbGU1VG9nbGpCc0g0TG9QUFhoQ1J0VWpUVDhMOEN3RDdmMThCMFpuWGJKTnhkeHNJTURWaldGck9sNkQxYUNUZzRkZzZoMkRmbmhuSWUyRHVjdDhLeDdDYm95TzFnWHNxQ2FNUHBMSlRwOE4rbVlnNllVcFFwKy8yaUR6QzIvL3hQL1Y1TVE3VDIrTHVFeXRaV29NR0FPOWFOTDlQbVZ6ckNNallOVjFPNHR1WWlMaHIwRjJsVGhZdVFoVEtLaWFZZVlOQytYYVE0N2wzdndMUnI3eWdRVDN6TEdSOEJicnB2ME1VclZKbTdOdDNyQXZRUllpbCt4dEJtUFB0VlpNMnpWTlJkellMZ2ZDSjJ3Ky9GbUxaTnQ0d2RvZ01GYUMzQ2p6ZEd5U2lwdUlQVzJIb3ZKUlBJUEYvaHAvRFRVUEJwOXhLOTRkdXJkcU04dGVMdzRsMFMyRk92YnBDZ2hZNURWNDBSeHJ2bEllb05sVTM4TnNsOVFWNkpaeUlsOVBsZnN6UENPb1ZValpUenZLUlNGam5HODhZY2xPaVdCVXZaTVY4dk50d3ZsNVMzdFZGcFFDT0I0YUlZN00rTmh5Rjh5U3ZhUWliMWtBOFYvTFFMbWZudVd5VmhoYzBzT3pBeEJJaktkdkVVbmJiMHA2RStDcllzWVF2YUFndU5YaFVaeFYwWmt0ckd3WTZWRUlHNHlKY3RodU50eFdsVklTWUJRSXB0eDFVUHNHQWdBcTNJRkx1b3pMNUNKcDIzTHc2anZjRCtvdTNqWVMza3ZIeVdRNEJkNGU4em9NeFpBV2ZNVjRTM1c3cFhJUnp0Wjc1QUl2K1ZUUzlLSlI5YUEzSzc4SUlkT2RpRXRjOS9FcTZJNWd2dkcvVVNQOXJ6V1dhLzlweEk5UE16WU5GTFdNVEpreGF1eXVrQ2lyZkY5YVdqbm9BdGdsdElhQ0lUSnhDZC80MUZvLytTLzFVTkttZHBWcXdpVHNFSmFBa1dnRGpxTjdwYlZtRStqc2RVelczMnpVd084VThQZElnZjdNOXRmWm5JaEY4Z2VTYWgrNm1neFcvM21tTytveFBBdWtpUEJyaWsrWDVaY2VKTEZ1SndkY1JWUGE4U3Q5ajJlSUowMHpHekpDNzlDNkltMmpXb0ZlUnVHOXQ2RUE0YllicjNYc2srRUxpdGlMUWkrajlPajQrUmRLdUR2Rm9GSDlwUUlBck9LQWJMSGcrWnV3d1FnY3RkVExHbGd3b25la0xwcFZtelY5RDdzb2dzWXg1K0NldW1ZeVJZTC84Y21WeXFwZnhtd1B6dE52bHpMQlZiNmo4bVM0TDU4UjAvWGJzUXZkSmhzaFJqb3BSODVva2NkSUxtYnQ5WmNkTDdrdVZFQkFpY2ZENUJWank4QStQcXh4ZUhsRFlPS3ZwdVp6eERWbURZYXpxQlA2bHFkYWlDMVRTR1ltVGZweDROWUIyWVp2RnN4anRRUk1RZ0p0Zz09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
t2q2jAcWngX1WefThbkEVOL
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Targets
-
-
Target
46a8c1e768f632d69d06bfbd93932d102965c9e3f7c37d4a92e30aaeca905675.exe
-
Size
775KB
-
MD5
c19084114c85192dacfed89a92da6837
-
SHA1
a1d6461e833813ccfb77a6929de43ab5383dbb98
-
SHA256
46a8c1e768f632d69d06bfbd93932d102965c9e3f7c37d4a92e30aaeca905675
-
SHA512
cbcc47dfd2f1e1a15b93ff2df067ebce74a3623b5b5fa1162b9076d25175ea0f3f687c24b5051e7de753697b2a860595cf15351168f999e447ee5d0bc70cc11e
-
SSDEEP
24576:+CsD9+OXLpMePfI8TgmBTCDqEbOpPtpFafxfq:YcOXLpMePfzVTCD7gPtLapfq
Score10/10-
Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
-
Avaddon payload
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
UAC bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (210) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
2File Deletion
2Modify Registry
2