General

  • Target

    4d29e2f7e01654cdf3d4281e326c884f82290377fb9a44646b2c1d1943626897

  • Size

    570KB

  • Sample

    240417-qw1blabd81

  • MD5

    68aa34a65ba41100e2fcf54f5d5f56bf

  • SHA1

    b66891c3243fc82afb74d0e3e86fe66c32392801

  • SHA256

    4d29e2f7e01654cdf3d4281e326c884f82290377fb9a44646b2c1d1943626897

  • SHA512

    0165666753dd3cbd3b3e64f330640ee520948d740834cc239cdd4051d54af61456c92804b19cb45c8877e0bbb68b1bca238b54a56ae766d9925442193c45a889

  • SSDEEP

    12288:X9Q+RBvsRWJ0jnmEGX5VztyOVHBQ/xyNqmcP1xsXZvf78vL:X9fB0enyc1NqPwXZXYj

Malware Config

Targets

    • Target

      48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe

    • Size

      645KB

    • MD5

      79cdf459683c39e9704a37a6be9bc877

    • SHA1

      450d4f351c3dd168e313b309da4bd8a817453d1d

    • SHA256

      48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c

    • SHA512

      2cc3f164e92650c4d4aed7012da7d303d24cdc63565ed744a28cb6d59465189233a128a01f4b807aa972057e0d0d98742c5ca9b41a67bf59f0f115de30eb6bd4

    • SSDEEP

      12288:Ya8gND5n7gG2WERaCyDVbdlSQLeYBgdAULx9mutZo5B:YgNDBg3JRaCyDVplSUBgrHtZor

    • Avaddon

      Ransomware-as-a-service first observed in June 2020. The operation announced its shutdown and released its decryption keys in June 2021, so a 2024 detonation of this payload most likely reflects a re-submitted legacy sample rather than an active campaign.

    • Avaddon payload

    • UAC bypass

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (164) files with added filename extension

      Consistent with ransomware encrypting user files and appending a new extension to each; 164 renames in a short sandbox run indicates bulk encryption rather than isolated file handling.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
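
The signatures above (shadow copy deletion, bulk renames with an appended extension, the UAC check) are the behaviours a detection engineer would want to recognise in endpoint telemetry. The following is an added example, not sandbox output and not Avaddon's code: it runs simple triage heuristics over constructed, Sysmon-style events built inline. The command lines are common shadow-copy and recovery-inhibition commands seen across ransomware families, not commands recovered from this sample; the EnableLUA registry value is the assumed target of the UAC check; the appended extension ".a1b2c3" is a placeholder; and the 50-file threshold is an illustrative tuning choice.

```python
"""Triage heuristics for the report's signatures (added example, constructed data).
Not sandbox output and not Avaddon's code: events, command lines, the EnableLUA
lookup and the ".a1b2c3" extension are assumptions for illustration."""
import re
from collections import Counter
from dataclasses import dataclass, field

# T1490 Inhibit System Recovery: commands that wipe shadow copies or disable
# Windows recovery. Each pattern needs a destructive verb, so a benign
# "vssadmin list shadows" does not match.
RECOVERY_INHIBIT_PATTERNS = [
    re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
    re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    re.compile(r"\bwbadmin(?:\.exe)?\b.*\bdelete\b", re.I),
    re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\b\s+no\b", re.I),
]

# Assumed lookup behind "Checks whether UAC is enabled": the EnableLUA value.
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"


@dataclass
class Event:
    kind: str                      # "process", "rename" or "regread"
    pid: int
    data: dict = field(default_factory=dict)


def find_recovery_inhibition(events):
    """Return process command lines that match a T1490 pattern."""
    return [
        e.data.get("cmdline", "") for e in events
        if e.kind == "process"
        and any(p.search(e.data.get("cmdline", "")) for p in RECOVERY_INHIBIT_PATTERNS)
    ]


def mass_rename_extension(events, threshold=50):
    """Return (pid, extension, count) for the process that appended one new
    extension to the most files, if that count reaches `threshold`, else None.
    Only renames of the form "old name + .ext" count, matching the signature."""
    per_pid = {}
    for e in events:
        if e.kind != "rename":
            continue
        old, new = e.data["old"], e.data["new"]
        suffix = new[len(old):] if new.startswith(old) else ""
        if not suffix.startswith("."):
            continue               # renamed, but not by appending an extension
        per_pid.setdefault(e.pid, Counter())[suffix] += 1
    best = None
    for pid, counts in per_pid.items():
        ext, n = counts.most_common(1)[0]
        if n >= threshold and (best is None or n > best[2]):
            best = (pid, ext, n)
    return best


def checks_uac(events):
    """True if any process read the EnableLUA value."""
    return any(e.kind == "regread" and e.data.get("key", "").lower() == UAC_KEY.lower()
               for e in events)


def triage(events):
    return {
        "inhibit_system_recovery": find_recovery_inhibition(events),
        "mass_rename": mass_rename_extension(events),
        "checks_uac": checks_uac(events),
    }


def build_sample_events():
    """Constructed stream: one suspicious process (pid 1234) and one benign (pid 777)."""
    ev = [
        Event("regread", 1234, {"key": UAC_KEY}),
        Event("process", 1234, {"cmdline": "vssadmin.exe Delete Shadows /All /Quiet"}),
        Event("process", 1234, {"cmdline": "wmic.exe shadowcopy delete"}),
        Event("process", 1234, {"cmdline": "bcdedit.exe /set {default} recoveryenabled No"}),
        Event("process", 777, {"cmdline": "vssadmin.exe list shadows"}),  # benign admin use
    ]
    for i in range(164):   # same rename count the report observed
        old = rf"C:\Users\victim\Documents\report_{i:03d}.docx"
        ev.append(Event("rename", 1234, {"old": old, "new": old + ".a1b2c3"}))
    for i in range(3):     # a backup tool renaming a few files: stays below threshold
        old = rf"C:\Users\victim\Desktop\notes_{i}.txt"
        ev.append(Event("rename", 777, {"old": old, "new": old + ".bak"}))
    return ev


if __name__ == "__main__":
    for name, value in triage(build_sample_events()).items():
        print(f"{name}: {value}")
```

The rename heuristic keys on "old path is a strict prefix of the new path and the remainder starts with a dot", which is what the sandbox signature describes; per-process grouping keeps a legitimate backup agent renaming a handful of files from tripping the threshold, and the T1490 patterns deliberately require the destructive verb so routine `vssadmin list` usage is not flagged.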

MITRE ATT&CK Matrix (ATT&CK v13)

    Tactic                | Technique                         | ID        | Count
    ----------------------+-----------------------------------+-----------+------
    Privilege Escalation  | Abuse Elevation Control Mechanism | T1548     | 1
    Privilege Escalation  |   Bypass User Account Control     | T1548.002 | 1
    Defense Evasion       | Abuse Elevation Control Mechanism | T1548     | 1
    Defense Evasion       |   Bypass User Account Control     | T1548.002 | 1
    Defense Evasion       | Impair Defenses                   | T1562     | 1
    Defense Evasion       |   Disable or Modify Tools         | T1562.001 | 1
    Defense Evasion       | Modify Registry                   | T1112     | 2
    Defense Evasion       | Indicator Removal                 | T1070     | 2
    Defense Evasion       |   File Deletion                   | T1070.004 | 2
    Discovery             | System Information Discovery      | T1082     | 3
    Discovery             | Query Registry                    | T1012     | 1
    Discovery             | Peripheral Device Discovery       | T1120     | 1
    Impact                | Inhibit System Recovery           | T1490     | 2

    Count is the number of signatures in this report mapped to the technique; indented rows are sub-techniques of the row above.

Tasks