General
Target: 4d29e2f7e01654cdf3d4281e326c884f82290377fb9a44646b2c1d1943626897
Size: 570KB
Sample: 240417-qw1blabd81
MD5: 68aa34a65ba41100e2fcf54f5d5f56bf
SHA1: b66891c3243fc82afb74d0e3e86fe66c32392801
SHA256: 4d29e2f7e01654cdf3d4281e326c884f82290377fb9a44646b2c1d1943626897
SHA512: 0165666753dd3cbd3b3e64f330640ee520948d740834cc239cdd4051d54af61456c92804b19cb45c8877e0bbb68b1bca238b54a56ae766d9925442193c45a889
SSDEEP: 12288:X9Q+RBvsRWJ0jnmEGX5VztyOVHBQ/xyNqmcP1xsXZvf78vL:X9fB0enyc1NqPwXZXYj
Static task: static1
Behavioral task: behavioral1
Sample: 48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: 48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe
Size: 645KB
MD5: 79cdf459683c39e9704a37a6be9bc877
SHA1: 450d4f351c3dd168e313b309da4bd8a817453d1d
SHA256: 48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c
SHA512: 2cc3f164e92650c4d4aed7012da7d303d24cdc63565ed744a28cb6d59465189233a128a01f4b807aa972057e0d0d98742c5ca9b41a67bf59f0f115de30eb6bd4
SSDEEP: 12288:Ya8gND5n7gG2WERaCyDVbdlSQLeYBgdAULx9mutZo5B:YgNDBg3JRaCyDVplSUBgrHtZor
Score: 10/10
Avaddon
Ransomware-as-a-service first observed in June 2020; the operation announced its shutdown and released its decryption keys in June 2021.
- Avaddon payload
- Renames multiple (164) files with added filename extension
  Mass renames that keep the original file name and append a new extension are the usual trace of ransomware encrypting files across the system.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive, a common precursor to encrypting every attached volume.
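The three behavioural signatures above (mass rename with an appended extension, dropped desktop.ini, enumeration of non-C: drive roots) are the kind of thing a hunting script can reproduce from file-system telemetry. The following detector is an added example written for this page, not code from the sandbox or the report; the event tuple format, the process IDs, the ".locked" placeholder extension and the rename threshold of 10 are all assumptions, and the events are constructed, not captured output.

```python
"""Replay constructed file-system events and fire the behavioural signatures
listed in the report. Added example; event format and thresholds are assumed."""
import ntpath
import re
from collections import defaultdict

# Constructed events, not sandbox output: (pid, op, path, new_path_or_None).
RANSOM_PID, BENIGN_PID = 1234, 555  # assumed PIDs for the example
SAMPLE_EVENTS = [
    (RANSOM_PID, "query_dir", "C:\\", None),
    (RANSOM_PID, "query_dir", "D:\\", None),
    (RANSOM_PID, "query_dir", "E:\\", None),
    (RANSOM_PID, "create", "C:\\Users\\victim\\Documents\\desktop.ini", None),
    # Extension replaced rather than appended: must not count as a hit.
    (RANSOM_PID, "rename", "C:\\Users\\victim\\notes.txt", "C:\\Users\\victim\\notes.bak"),
    # Benign process: one appended-extension rename, well below threshold.
    (BENIGN_PID, "rename", "C:\\Temp\\cache.tmp", "C:\\Temp\\cache.tmp.old"),
    (BENIGN_PID, "query_dir", "C:\\", None),
]
# ".locked" is a placeholder extension chosen for this example.
SAMPLE_EVENTS += [
    (RANSOM_PID, "rename",
     f"C:\\Users\\victim\\Documents\\report{i}.docx",
     f"C:\\Users\\victim\\Documents\\report{i}.docx.locked")
    for i in range(12)
]

DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\$")  # e.g. "D:\"


def extension_appended(src: str, dst: str) -> bool:
    """True when the rename keeps the whole original name and appends '.ext'."""
    return dst.startswith(src + ".") and len(dst) > len(src) + 1


def detect(events, rename_threshold=10):
    """Return {pid: {"hits": [...], "stats": {...}}} for processes that
    trigger at least one of the three signatures."""
    stats = defaultdict(lambda: {"renamed_with_ext": 0, "extensions": set(),
                                 "desktop_ini": 0, "drive_roots": set()})
    for pid, op, path, new_path in events:
        s = stats[pid]
        if op == "rename" and new_path and extension_appended(path, new_path):
            s["renamed_with_ext"] += 1
            s["extensions"].add(new_path[len(path):])
        elif op == "create" and ntpath.basename(path).lower() == "desktop.ini":
            s["desktop_ini"] += 1
        elif op == "query_dir" and DRIVE_ROOT.match(path) and path[0].upper() != "C":
            # Root-directory listing of a drive other than the system drive.
            s["drive_roots"].add(path[:2].upper())

    findings = {}
    for pid, s in stats.items():
        hits = []
        if s["renamed_with_ext"] >= rename_threshold:
            hits.append(f"Renames multiple ({s['renamed_with_ext']}) files with added "
                        f"filename extension {sorted(s['extensions'])}")
        if s["desktop_ini"]:
            hits.append(f"Drops desktop.ini file(s) ({s['desktop_ini']})")
        if s["drive_roots"]:
            hits.append(f"Enumerates connected drives {sorted(s['drive_roots'])}")
        if hits:
            findings[pid] = {"hits": hits, "stats": s}
    return findings


if __name__ == "__main__":
    for pid, finding in detect(SAMPLE_EVENTS).items():
        print(f"pid {pid}:")
        for hit in finding["hits"]:
            print("  -", hit)
```

The rename check deliberately requires the original name to be preserved in full, so ordinary extension changes (notes.txt to notes.bak) do not count; real ransomware may also spread the work across several threads or child processes, so in production the counter should key on the process tree rather than a single PID, and the threshold should be tuned against backup and archiving software that legitimately appends extensions.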
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Indicator Removal (2)
  - File Deletion (2)
- Modify Registry (2)