MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Avaddon


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993
SHA3-384 hash: 84eb4e4d2d0ea981f56ce7931a3cb94cc915f14dabd31650f743eeedf5ef58ead305a9d72ef679d5bacdf15064f18d2d
SHA1 hash: 497985116f4ebaa05f1774c16adb5aa52b8e9756
MD5 hash: f8290f2d593a05ea811edbd3bff6eacc
humanhash: nineteen-wisconsin-one-carolina
File name:1.exe
Download: download sample
Signature Avaddon
Create hunting rule
File size:2'108'248 bytes
First seen:2020-06-30 12:30:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 50a420668550f98372c95025cc500359 (1 x Avaddon)
ssdeep 24576:AxT2+3dmY7FF1JLurH0q7kRZLJn0A0ffqN3CzPtakNLIE4GPoyP:f+NmY7FFHurUayLLKCdCzPtFZb
Threatray 25 similar samples on MalwareBazaar
TLSH 54A5AD90A956CEBED0AC2175E0EC8F0750A2F9254F074B9B7A481C213BB2D93E5E535F
Reporter JAMESWT_WT
Tags:Avaddon

Code Signing Certificate

Organisation:OHZOIPIFGKOQRMDDPN
Issuer:OHZOIPIFGKOQRMDDPN
Algorithm:sha1WithRSA
Valid from:Jun 23 09:20:34 2020 GMT
Valid to:Dec 31 23:59:59 2039 GMT
Serial number: -48042AD276AE9774BE39ABB8AC3E3ADA
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 82194ECF2A5C4AAF5ABFA5772997F9E1FFA4BCAD9DA4BF5949539F45224E02C8
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
207
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/17141/
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993/
Threat name:
Win32.Ransomware.Avaddon
Create hunting rule
Status:
Malicious
First seen:
2020-06-30 12:30:43 UTC
File Type:
PE (Exe)
Extracted files:
51
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0f081ea4e30ca05fc2977235bf239992b17fa9968b58b001990e4539f0899269
Avaddon
5a48051865458d4da563d0029f176774d0a8f293dffa1a868dac3816f38f0d2e
Avaddon
649be52b6b0d362efcfc6f1dd79a6b8fbcf85eb2b68f0138f87b6e1cc7e5a418
Avaddon
6ad2831339a2a6fc8d140c8718cf38fabef9915409bd32cd86221b515b4be629
Avaddon
75adf0d7e708b54f8debec4767e2ba3cc52cdf0264a8d6545865d4c7ae7352d0
Avaddon
84875c4805410be87f9edda908efd810194bdbcfcc690354942e064acde3d58a
Avaddon
8a92daedd35bf7b9e66d0ed29482e0d06b78621ddaae99a4553ee14d147d2d5f
Avaddon
f4b5451809e69cc848d835a918c59bb79d449a11daed519743fedb5545127c74
Avaddon
f5123e1fe20922f1e236abdc7aa90f98056ffef585bc4a2c1b93cfd2dd2736a0
Avaddon
fa4626e2c5984d7868a685c5102530bd8260d0b31ef06d2ce2da7636da48d2d6
Avaddon
+ 15 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
ransomware evasion trojan persistence
Link:
https://tria.ge/reports/200630-2emcedbzv2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Interacts with shadow copies
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies service
Checks whether UAC is enabled
Drops desktop.ini file(s)
Looks up external IP address via web service
Enumerates connected drives
Deletes shadow copies
UAC bypass
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/17141/

Comments