avaddon

Sharing

Copy URL

Twitter E-mail

General

Target

f3ecda6c178062f2a1d4dae90ee9056444618563adeb35a7ddc7182841dc19f2
Size

382KB
Sample

240417-qw5w3sbd9z
MD5

d7a113d440b14ecf91e66cf204f6d3a7
SHA1

278a9bf5c25e419e688de6d5025370d535565645
SHA256

f3ecda6c178062f2a1d4dae90ee9056444618563adeb35a7ddc7182841dc19f2
SHA512

4918476327f76751ee3beb66c120651d41f6d0c27052dd0e7c3dbe86778759907e08bf416aee975d14f843037957dadb91ac4960ee7d197d1c1a78dc80078798
SSDEEP

6144:QAZqCqDAd53xN969eDDVRZQ7KioHN5jgDcw4eI7AOLzAVEPYnn5qKuKI0HCu+s:nZXqDA/3v9DZjQ2fHNDg5OHOr5qKVIl4

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\l4EM4_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .CBEAdcabb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MjAwNC1OZ1hEZnh4cDJmRFFsU2RiK1lZK2plcEtwSVlUWXFFYkxuUUt0ekc5WjQzeGt6Z1NpSVRGTjMrRXQ0eTNZNUJRVFJLNTBGeWErbjZvSW9Ud2xPZnBCV3kzZUtCYzdMcWpBSGRSVUZaRjh4UGd4dzBHN3RiZG5YU3RDdVNJeExZb1dKeWhHTkZCQi9tR3dGMCtrbGJIR1Y2ajdnUU9oblJhZ2F0MHVYYm42Wm1BSjVGaUhtY3N6dEEyMHZGNVp3dXczMEFGZklQNDhKWkJZOFptRDlhNzBneUt5YUNLWk9rckxXK21xZTU0ZkJNRDBIWmtySUNlQjY3T0IxWnBRcUJTYjNXUFM3Vi83SzM3YjJadWZRRG5MTjROR3NKRllIUHl6MlhnQkNZUGx0bENKZjh5RTdUZTUzeWUrUTNJaUQrQ3lINzBLcjIzbkRORE56KzJLMzFIMCtyRzlhT1VNNW1GVk5NV2M4NlJPRE5DUVFISXMrbGFPV0MwaW1JSVNRWGU3SDZDaDFoMUJvaHI1bGZqUmo3Z1F3bWVUTFRNMnNqNFdBeEJueGpIeVcwcnFudDNRMUJoTkc3c01HWXYzMXNIL21UNGt2cUZHOTRtSk1DTy9vd3Exa2w1V25jbzZiZWVrMDZWWEtDVVJNM0U5TVBiZTdXL3daNUxJWHlmOUhSZTk1S01qeHd4L3R1VlZmSmVzWmY1M0xabzU2dnY0RzlQM3BkazlWTlpNdGZ1YVJ6ZmdMdk1xODlEZFN6ZGRxQ0p2TkVhVXp1OXdkZzE2L2NYR1RBZXZyZWRKdnM3RDhVVmpTMDM0U0x4ZW1EbUVOa1g2WWJvbHNmR0crclhJSXhtdFUyN0ROeng2Q0tFbHNSL3ViakZuRUVSRjgzRUtyNGpnbGI1WUcra1RCbWVoaHNXR29TdUVEQjFoVXRzeDlRdnBxUHZNMTFUTk9sdVowV3FzOVVtV0VJL3BTR3RwSStvUjc3eC9FNnZjbUF5ZWNRU1NieHBxRVdoZGVDOEtKTloyMVVzV3dnZjJhNmZOaldoMXc5VzEyQ1RPR2VKc0ZFOERaWWVLYlp5R1l0Yis0dEpjVDhpNTFMY093L0hnMXZ0aGNHRCthb2d0NVRVUlJubEVMZW8zRGVuc214UzRuYkRteVcxUTIvRFF2WDRUOHFRV1p1TmZEMTdFbGdJU3p5enlwT1ZyUnpqL0x1S2pjOStpc09kbHJQaHFIS2Y1QzM1Qy9vampuclV2SzZJUGRGcjA5ZUo2Mlp2bzJYYkNNNmxweENGUCtiYXBmVitOOVpHQlQ2UThvOFcwbWJicnM3RWljSFlqbUZrZWE3Qmh3UkRIWXFzTGRaaFlEZm9KcHhjMG01eEVacWdpSGE1S0JoUGpNWjhPSXBqdlZ5UGUrS25RaFd0OHIrWTNRNmlLOFNwTm5MS1NCakk3dGFtcWdkWkk2Vmkxek1lYU1sVjVOUEROd3FHb1VMRk5qdDlpbWVRN0UwSDY2YmN4cnNodnJIWUd0cUNBblZwZ1hPelF0YU9ZV0xyRE1ITmV4a2lRellDQ2EyOVRFL3dvL1p5eTJhcjk4eklkRFhaODhpVkppb3E4Q0EyODgrdkt2QWlCdi83TFlZM0JtdUx6aC9xOEdpQTU1U21STEJNT0UvWXVuYmdXSHhFeE9NNko4YTkrR3JiTjNGMzFaSDJNQjF4Um8yZDlONkYxN01ucktESzNYd25mQkNoTmZKeHJOaWFUZ2JWU3g1V2VjRndxYWRmV2RYSUVnNlBYMFNLOGxEeWgzUUxpZXREemw4ckV4ekNTeFZDM2VGZi80K3pDSXhDZ0ZqR25xQTRXenlrUkhPR3VLZ0wvYU1weTl2elZJWWVkcmZxRVR4SGRScFZFU1dZUGJNUGEwdHF2cWdmK0VUOW1DTXVzRzJvSGs1YVVXK2xQaUVtbXFjTXJkVHRtbTAzVHRlZkpaVHRRa0kwUGlqdkJpWDR6VU9JazZ6MzQ3bHpNelVVUlJGbUYyeDdzL25ldFNnemQ5Z0FadVZPeGlHbU4zWm94bHBSK2x0eHpVMUNaQjArVWtFQUJiUkJNZVc0TXlOSjBlRXB6YkxiS0JjR0xhOU5mNVcvVTZ0VlhuZ2FtakpMS3BZZis1QnMvaUF6eDRZdElIVFAzQT09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * 7DpDPrBgp02EVXYKwcnXzCmZi

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Documents\l4EM4_readme_.txt

Family

avaddon

Ransom Note

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\l4EM4_readme_.txt

Family

avaddon

Ransom Note

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Documents\vE8y5_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .bcEBdcCAdE You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MjAwNC0ya1ArTE82eWRrSU9DNnpRajVMYUJkVFJaa0VFMnVPeUlXbklEMnVMeU5YT2tQOTJBSUtvVisxVDQyUVdjWDhiWURqTUFvVklKQy9BWEhGYTdQVXhUVjZmYnpFeUgzeVAvL1ZYWGJ2eVhSUkpHY3o5M2hWU0JIMndZVW5waUxqV2ozVC9nV3NyaWY3M2RpY0FVWFdadXBJWWlVcTJJV3NsY3FEUTgwcXAveWxuUFV0aFhRL25HbVBqRTNqVjgwZVlac0g1d0ZuaGRFUlNjZzkra3Z1TldObFloWkxTZlNyU3UwV1FrdEwwQ0Z1RHl1ZmlrQnFkd2dpNTRqS010RmFaY0dRZy9tb3N0amlaSFozWnZtQkc4eEhUU1F0TFBQYWpyT1ZDN0tOdWpjSU5TMGRtbHFVUTg3Y2QrVjQzNnhDWU43TEl6UHRsNVRxQVZIVTNnWERVNTF3dmw3bTVJMVc2OEppaXFzOWZQQWN3dUVwUXNsQ1VBVi8xWnVCYmROMTd1bWNBMElRS0hEamZqc2RRbkY5c1lhbWlTR3Bva3dQTGF6czZJN0xnUWVnSUhDZkFyNW1vTEhxbExVb0ZFNmcvSzFKdlNpVVZKRHdSdFUwaWR3YklBUVFacm9nVkF1SDJiQ3F4bnY5NXVDVERPZE9odjZIa0FTdVBMenRJZnlwSjg2eVg2Mk9WdXZYT3p4Q1l3VEMxSEx5ZEdBakVWdUFIc2pHMjZLYk4yVXVDU3VhUnNDdExqNlkzMU16dk5YRlZDdmR4dzFXNytUY1BDMDZIR1JRRjRTSmhEN1B0YlJiKys5K3gwNC9heGlNVW5WNCtMeE8rVlVSdjdpWWgyb3NqMTdBNDJVT0VlUkNBNWZucU54Z0NSMzI4N1Z3L1hvYW5lSnpIcUR0Y0w0a3VNWmIyaUtXMlNWWWh3WjZiZ0psMzNRdzJDalZTNlVHb3FvNEZuRTJUSkRYdHUremV2bzVZeG54TzhPdFprYiszM0VQWWZ3cS9UaFF3UWNnTDd6ampob0ZIeHRnU1d5d0VxK1NSMFQwTWVTc3YrcGZ3TVV5b1ZteG5NUjNLSFhYb0dyVUkydERrUmtDQmhDTWFwMXNacVl1azdwaHVlN2JhR1phemtNdHZoRGtlSnZMM0Yxa0Y1eXpzTmFRSjJUTUorNDJoQ0l0U1RTTkt5RjNoblo2a1UvbDlXNFRTK0E3bEJkelNSYzRsT2U4bUpZZUJQaEdoMTNmTjluSkhVOHc4V3o1ZU1YcjZncDNmOXY3OU0xdSt4cS92dm5FbnFNbmhvYjJMaHpiK1FaMzdTbHBrMkRPdkRpbGtWbjFPVVpjMTZlZDNTaGxDTnY5Unp5TXJocGErTHh2cmlieGM3VUlmSWZYS0lvTUh3UTRERDA2UXNacXY1MlJpVWJNd3dOMUhLejgwdHJVV2RYQTJrR0tPazZyblhyMnZEVUhXWW5OcndIN1U0S2VlcE1EVStEbGRoWmc5ZU1wQzJrajNwekpnb0QrMVJMK3BIY2VjN2VsR0xLY3N4ZmJ1ZmhYRmhSdWpCTVk3Qit3bEZHczhkNDJlOTQwZlJOQVRlcTVrNXRaWnNtVit4SktmVlc5RDRVSzIvT0xPYTZFcXM5SmNJVWs3dDc1akM4NVBmekVCMXJjSXh0aUV1c09zVzFRZi9NLzJwd2pYTmZSYXVXS01XaGYrYll2U2g4RFJqOXpNRVN5bVJReXRiTlo3VzNndUtQYlR6NlJOL0haazczWnpzSm5LL0tES3RiYUVZd3daQjhONllwMkJwZUVnRytRRVUrSjYrMWh5c1Vpc014dGwyVXM4S1k5eGZxRTNqMUNsdCtBekZpUnVWdHc4NXQ0YlpLWEFBZFpFR0NnN0ZUcEszdHc4K1h0Ti8xZzR3NXlQTjQrb0llUm5xNzZYUmlzMnZiTDhOcm9xQ2lyQ3hnWEIyQzlZMVhRRExZUjBDVVRwSkMwblh6bkJndE1POXBBK3c3YzRKWkU0aC8xdkpQdVRIT1dhNUlkSGZSMVhMVWYwckVNOC9sd1U0ODIrcDFxS3V6OXJsUWl1NGprTkVsVWRWT0VqTUVqL3VnUmxyWEkzVlVEQVpZQW9icklKNlhGZ2xUeFBNcFVZSy94cGdwWDZXanhvVVpBTVB4WE1mZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * U6wY5HRfu1nLjzkuNH

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Documents\vE8y5_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .bcEBdcCAdE You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MjAwNC0ya1ArTE82eWRrSU9DNnpRajVMYUJkVFJaa0VFMnVPeUlXbklEMnVMeU5YT2tQOTJBSUtvVisxVDQyUVdjWDhiWURqTUFvVklKQy9BWEhGYTdQVXhUVjZmYnpFeUgzeVAvL1ZYWGJ2eVhSUkpHY3o5M2hWU0JIMndZVW5waUxqV2ozVC9nV3NyaWY3M2RpY0FVWFdadXBJWWlVcTJJV3NsY3FEUTgwcXAveWxuUFV0aFhRL25HbVBqRTNqVjgwZVlac0g1d0ZuaGRFUlNjZzkra3Z1TldObFloWkxTZlNyU3UwV1FrdEwwQ0Z1RHl1ZmlrQnFkd2dpNTRqS010RmFaY0dRZy9tb3N0amlaSFozWnZtQkc4eEhUU1F0TFBQYWpyT1ZDN0tOdWpjSU5TMGRtbHFVUTg3Y2QrVjQzNnhDWU43TEl6UHRsNVRxQVZIVTNnWERVNTF3dmw3bTVJMVc2OEppaXFzOWZQQWN3dUVwUXNsQ1VBVi8xWnVCYmROMTd1bWNBMElRS0hEamZqc2RRbkY5c1lhbWlTR3Bva3dQTGF6czZJN0xnUWVnSUhDZkFyNW1vTEhxbExVb0ZFNmcvSzFKdlNpVVZKRHdSdFUwaWR3YklBUVFacm9nVkF1SDJiQ3F4bnY5NXVDVERPZE9odjZIa0FTdVBMenRJZnlwSjg2eVg2Mk9WdXZYT3p4Q1l3VEMxSEx5ZEdBakVWdUFIc2pHMjZLYk4yVXVDU3VhUnNDdExqNlkzMU16dk5YRlZDdmR4dzFXNytUY1BDMDZIR1JRRjRTSmhEN1B0YlJiKys5K3gwNC9heGlNVW5WNCtMeE8rVlVSdjdpWWgyb3NqMTdBNDJVT0VlUkNBNWZucU54Z0NSMzI4N1Z3L1hvYW5lSnpIcUR0Y0w0a3VNWmIyaUtXMlNWWWh3WjZiZ0psMzNRdzJDalZTNlVHb3FvNEZuRTJUSkRYdHUremV2bzVZeG54TzhPdFprYiszM0VQWWZ3cS9UaFF3UWNnTDd6ampob0ZIeHRnU1d5d0VxK1NSMFQwTWVTc3YrcGZ3TVV5b1ZteG5NUjNLSFhYb0dyVUkydERrUmtDQmhDTWFwMXNacVl1azdwaHVlN2JhR1phemtNdHZoRGtlSnZMM0Yxa0Y1eXpzTmFRSjJUTUorNDJoQ0l0U1RTTkt5RjNoblo2a1UvbDlXNFRTK0E3bEJkelNSYzRsT2U4bUpZZUJQaEdoMTNmTjluSkhVOHc4V3o1ZU1YcjZncDNmOXY3OU0xdSt4cS92dm5FbnFNbmhvYjJMaHpiK1FaMzdTbHBrMkRPdkRpbGtWbjFPVVpjMTZlZDNTaGxDTnY5Unp5TXJocGErTHh2cmlieGM3VUlmSWZYS0lvTUh3UTRERDA2UXNacXY1MlJpVWJNd3dOMUhLejgwdHJVV2RYQTJrR0tPazZyblhyMnZEVUhXWW5OcndIN1U0S2VlcE1EVStEbGRoWmc5ZU1wQzJrajNwekpnb0QrMVJMK3BIY2VjN2VsR0xLY3N4ZmJ1ZmhYRmhSdWpCTVk3Qit3bEZHczhkNDJlOTQwZlJOQVRlcTVrNXRaWnNtVit4SktmVlc5RDRVSzIvT0xPYTZFcXM5SmNJVWs3dDc1akM4NVBmekVCMXJjSXh0aUV1c09zVzFRZi9NLzJwd2pYTmZSYXVXS01XaGYrYll2U2g4RFJqOXpNRVN5bVJReXRiTlo3VzNndUtQYlR6NlJOL0haazczWnpzSm5LL0tES3RiYUVZd3daQjhONllwMkJwZUVnRytRRVUrSjYrMWh5c1Vpc014dGwyVXM4S1k5eGZxRTNqMUNsdCtBekZpUnVWdHc4NXQ0YlpLWEFBZFpFR0NnN0ZUcEszdHc4K1h0Ti8xZzR3NXlQTjQrb0llUm5xNzZYUmlzMnZiTDhOcm9xQ2lyQ3hnWEIyQzlZMVhRRExZUjBDVVRwSkMwblh6bkJndE1POXBBK3c3YzRKWkU0aC8xdkpQdVRIT1dhNUlkSGZSMVhMVWYwckVNOC9sd1U0ODIrcDFxS3V6OXJsUWl1NGprTkVsVWRWT0VqTUVqL3VnUmxyWEkzVlVEQVpZQW9icklKNlhGZ2xUeFBNcFVZSy94cGdwWDZXanhvVVpBTVB4WE1mZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * qi3uQUEzjdWQ6PsuNH

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Pictures\vE8y5_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .bcEBdcCAdE You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MjAwNC0ya1ArTE82eWRrSU9DNnpRajVMYUJkVFJaa0VFMnVPeUlXbklEMnVMeU5YT2tQOTJBSUtvVisxVDQyUVdjWDhiWURqTUFvVklKQy9BWEhGYTdQVXhUVjZmYnpFeUgzeVAvL1ZYWGJ2eVhSUkpHY3o5M2hWU0JIMndZVW5waUxqV2ozVC9nV3NyaWY3M2RpY0FVWFdadXBJWWlVcTJJV3NsY3FEUTgwcXAveWxuUFV0aFhRL25HbVBqRTNqVjgwZVlac0g1d0ZuaGRFUlNjZzkra3Z1TldObFloWkxTZlNyU3UwV1FrdEwwQ0Z1RHl1ZmlrQnFkd2dpNTRqS010RmFaY0dRZy9tb3N0amlaSFozWnZtQkc4eEhUU1F0TFBQYWpyT1ZDN0tOdWpjSU5TMGRtbHFVUTg3Y2QrVjQzNnhDWU43TEl6UHRsNVRxQVZIVTNnWERVNTF3dmw3bTVJMVc2OEppaXFzOWZQQWN3dUVwUXNsQ1VBVi8xWnVCYmROMTd1bWNBMElRS0hEamZqc2RRbkY5c1lhbWlTR3Bva3dQTGF6czZJN0xnUWVnSUhDZkFyNW1vTEhxbExVb0ZFNmcvSzFKdlNpVVZKRHdSdFUwaWR3YklBUVFacm9nVkF1SDJiQ3F4bnY5NXVDVERPZE9odjZIa0FTdVBMenRJZnlwSjg2eVg2Mk9WdXZYT3p4Q1l3VEMxSEx5ZEdBakVWdUFIc2pHMjZLYk4yVXVDU3VhUnNDdExqNlkzMU16dk5YRlZDdmR4dzFXNytUY1BDMDZIR1JRRjRTSmhEN1B0YlJiKys5K3gwNC9heGlNVW5WNCtMeE8rVlVSdjdpWWgyb3NqMTdBNDJVT0VlUkNBNWZucU54Z0NSMzI4N1Z3L1hvYW5lSnpIcUR0Y0w0a3VNWmIyaUtXMlNWWWh3WjZiZ0psMzNRdzJDalZTNlVHb3FvNEZuRTJUSkRYdHUremV2bzVZeG54TzhPdFprYiszM0VQWWZ3cS9UaFF3UWNnTDd6ampob0ZIeHRnU1d5d0VxK1NSMFQwTWVTc3YrcGZ3TVV5b1ZteG5NUjNLSFhYb0dyVUkydERrUmtDQmhDTWFwMXNacVl1azdwaHVlN2JhR1phemtNdHZoRGtlSnZMM0Yxa0Y1eXpzTmFRSjJUTUorNDJoQ0l0U1RTTkt5RjNoblo2a1UvbDlXNFRTK0E3bEJkelNSYzRsT2U4bUpZZUJQaEdoMTNmTjluSkhVOHc4V3o1ZU1YcjZncDNmOXY3OU0xdSt4cS92dm5FbnFNbmhvYjJMaHpiK1FaMzdTbHBrMkRPdkRpbGtWbjFPVVpjMTZlZDNTaGxDTnY5Unp5TXJocGErTHh2cmlieGM3VUlmSWZYS0lvTUh3UTRERDA2UXNacXY1MlJpVWJNd3dOMUhLejgwdHJVV2RYQTJrR0tPazZyblhyMnZEVUhXWW5OcndIN1U0S2VlcE1EVStEbGRoWmc5ZU1wQzJrajNwekpnb0QrMVJMK3BIY2VjN2VsR0xLY3N4ZmJ1ZmhYRmhSdWpCTVk3Qit3bEZHczhkNDJlOTQwZlJOQVRlcTVrNXRaWnNtVit4SktmVlc5RDRVSzIvT0xPYTZFcXM5SmNJVWs3dDc1akM4NVBmekVCMXJjSXh0aUV1c09zVzFRZi9NLzJwd2pYTmZSYXVXS01XaGYrYll2U2g4RFJqOXpNRVN5bVJReXRiTlo3VzNndUtQYlR6NlJOL0haazczWnpzSm5LL0tES3RiYUVZd3daQjhONllwMkJwZUVnRytRRVUrSjYrMWh5c1Vpc014dGwyVXM4S1k5eGZxRTNqMUNsdCtBekZpUnVWdHc4NXQ0YlpLWEFBZFpFR0NnN0ZUcEszdHc4K1h0Ti8xZzR3NXlQTjQrb0llUm5xNzZYUmlzMnZiTDhOcm9xQ2lyQ3hnWEIyQzlZMVhRRExZUjBDVVRwSkMwblh6bkJndE1POXBBK3c3YzRKWkU0aC8xdkpQdVRIT1dhNUlkSGZSMVhMVWYwckVNOC9sd1U0ODIrcDFxS3V6OXJsUWl1NGprTkVsVWRWT0VqTUVqL3VnUmxyWEkzVlVEQVpZQW9icklKNlhGZ2xUeFBNcFVZSy94cGdwWDZXanhvVVpBTVB4WE1mZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * DreHlA1mZFEzyLXw2oglx

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Targets

- Target
  
  d841d0a10e8b6885f1b8e1282c70e88d4f74471fbbe1b4b6f29b4ca238b1e8cb.exe
- Size
  
  441KB
- MD5
  
  b1758767d10c75d1589c16763fca6fd3
- SHA1
  
  2722f21a31859ea735e908a1c705d07b139e3b12
- SHA256
  
  d841d0a10e8b6885f1b8e1282c70e88d4f74471fbbe1b4b6f29b4ca238b1e8cb
- SHA512
  
  93bdfaf8a7b35e3c0110e931a35c5a901c8acf06b36dd9e8cba9b770be642525ba0350ae94d68556961b06b0d802cd2e1997fc73849c643f76eba721215abf5e
- SSDEEP
  
  12288:5I7bv0KUN/9MISQBqz9xbwL5A++dMncx4wjSvh:K7QzuyErzrSwjMh
Score

10^/10

avaddon evasion ransomware trojan
- Avaddon
  Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
  ransomware avaddon
- Avaddon payload
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (151) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2