MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dccc689c986e357d5dbdc987e72e6b8a0e9017cbf347449b27c84b8b7b9d507a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Avaddon


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dccc689c986e357d5dbdc987e72e6b8a0e9017cbf347449b27c84b8b7b9d507a
SHA3-384 hash: 9e5c4ec6b7ae103cc7581ec461ca578dc4a5752a4cc035e9e7c1d7c14ff616f3a194e0eb1300fb5e505bccee1f0fee92
SHA1 hash: 3d08d5101d6d0daf021be544b77fbc3a29d6a86c
MD5 hash: d17150af2caeec5da4029822d740137a
humanhash: harry-massachusetts-cold-twenty
File name:Avaddon Ransomware
Download: download sample
Signature Avaddon
Create hunting rule
File size:2'915'672 bytes
First seen:2020-06-12 13:43:55 UTC
Last seen:2020-06-12 14:59:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0c140d1c71287dd8120d8c4d04a35ca5 (1 x Avaddon)
ssdeep 24576:vPubZdZtA3crutnIx47jCO1RGQGE9w7WApWluG9U:vkZtAsrcBe+8QGE9bny
Threatray 28 similar samples on MalwareBazaar
TLSH 10D5CFD2EC06CF6FD46D2078E4AD8B0B6061F9565F034A9E79481C213FB2D63D9A235E
Reporter JAMESWT_WT
Tags:Avaddon Ransomware

Code Signing Certificate

Organisation:FGYFVJJJWPWKCFDTWW
Issuer:FGYFVJJJWPWKCFDTWW
Algorithm:sha1WithRSA
Valid from:Jun 2 19:02:18 2020 GMT
Valid to:Dec 31 23:59:59 2039 GMT
Serial number: 2E6EE027976CCCB44B38539BB0F9BD03
Thumbprint Algorithm:SHA256
Thumbprint: 309E8CC57C0F71399E942F5FF120D9A50975F34D7F0C21622014002F8DA2BF82
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
333
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10071/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.53035.10108.21588.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 09:35:06 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3tggrheyny2x2xn5zgd6oltlrihjaf6l6ndujgzhzbfyw645kb5a._file
Verdict:
unknown
Similar samples:
01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993
Avaddon
05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2
Avaddon
0f081ea4e30ca05fc2977235bf239992b17fa9968b58b001990e4539f0899269
Avaddon
6ad2831339a2a6fc8d140c8718cf38fabef9915409bd32cd86221b515b4be629
Avaddon
75adf0d7e708b54f8debec4767e2ba3cc52cdf0264a8d6545865d4c7ae7352d0
Avaddon
7b4a13c022f0948f0a7ace0c2ea8b85af4f596338af14c3a1be2e63f55cbb335
Avaddon
bcb69244dc69a152af4dca3849bb4f3ca634ad785926304c672dbf8a3c38e7bc
Avaddon
e24f69aa8738d14b85ad76a1783d51120b8b6ba467190fe7d8f96ad2969c8fdf
Avaddon
f5123e1fe20922f1e236abdc7aa90f98056ffef585bc4a2c1b93cfd2dd2736a0
Avaddon
fa4626e2c5984d7868a685c5102530bd8260d0b31ef06d2ce2da7636da48d2d6
Avaddon
+ 18 additional samples on MalwareBazaar
Result
Malware family:
avaddon
Create hunting rule
Score:
  10/10
Tags:
family:avaddon evasion persistence ransomware trojan
Link:
https://tria.ge/reports/201109-6yf3e7en5n/
Behaviour
Interacts with shadow copies
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System policy modification
Modifies service
Adds Run key to start application
Checks whether UAC is enabled
Drops desktop.ini file(s)
Enumerates connected drives
Looks up external IP address via web service
Modifies extensions of user files
Deletes shadow copies
Avaddon
UAC bypass
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10071/

Comments