2024-09-02 ABYSS Ransomware Windows and Linux Samples
2024-09-04 01:32 Author: contagiodump.blogspot.com (view original)


Abyss Ransomware, first identified in 2023, targets both Windows and Linux systems, with a specific focus on VMware ESXi environments. It combines file encryption with data theft (multi-extortion) and deliberate movement through the victim network to disrupt operations in sectors including finance, healthcare, and technology.

Key Characteristics:

Target Platforms: Windows, Linux (particularly VMware ESXi)

Encryption: Utilizes the Salsa20 encryption algorithm; appends .abyss or .crypt extensions.

Initial Access Vectors: Phishing emails, weak SSH configurations, and exploiting known vulnerabilities in exposed servers.

Multi-Extortion Tactics: Encrypts files and exfiltrates data, threatening public exposure on a TOR-based leak site if ransom demands are not met.

Windows Variant:

Service Termination: Disables critical services (e.g., MSSQL, Exchange) to ensure encryption success.

Recovery Inhibition: Alters the boot configuration to disable Windows recovery options, so the host cannot easily be restored after encryption.

File Encryption: Employs Salsa20; ransom note WhatHappened.txt is dropped in each directory.

Obfuscation: Written in C++, with anti-analysis and evasion techniques that hinder detection and forensic analysis.

Linux Variant:

VMware ESXi Targeting: Uses esxcli to enumerate and forcibly stop running virtual machines before encryption, so that the guests' disk files are no longer held open by a running VM.

Selective Encryption: Avoids critical system directories to maintain partial system functionality.

Persistence: Establishes daemon processes to ensure the ransomware remains active post-reboot.
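The behaviours listed for the two variants (stopping services, altering boot configuration, enumerating and killing ESXi virtual machines) show up as command lines in process telemetry and in the ESXi shell log. The following is an added example, not tooling from this post or from the Abyss operators: it classifies command lines against those behaviours. The concrete commands it matches (net/sc stop, bcdedit recovery settings, esxcli vm process list/kill) and the shell.log line format are assumed typical instances; the post itself names no commands. The sample events are constructed.

```python
import re
from typing import List, Optional, Tuple

# Added example; the command-line patterns below are ASSUMED typical instances
# of the behaviours listed in the post, which names no specific commands.
RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    ("Windows: service termination",
     re.compile(r"\b(?:net1?|sc(?:\.exe)?)\s+stop\s+\S+", re.I)),
    ("Windows: boot configuration altered to block recovery",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*\b(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
    ("ESXi: virtual machine forcibly stopped",
     re.compile(r"\besxcli\s+vm\s+process\s+kill\b.*--type[= ]\s*(?:force|hard)\b", re.I)),
    ("ESXi: running virtual machines enumerated",
     re.compile(r"\besxcli\s+vm\s+process\s+list\b", re.I)),
]

# Assumed ESXi /var/log/shell.log line shape: "<timestamp> shell[<pid>]: [<user>]: <command>"
SHELL_LOG_RE = re.compile(r"^\S+\s+shell\[\d+\]:\s+\[(?P<user>[^\]]+)\]:\s+(?P<cmd>.+)$")


def command_from_shell_log(line: str) -> Optional[str]:
    """Extract the typed command from one ESXi shell.log line, or None if it does not parse."""
    m = SHELL_LOG_RE.match(line)
    return m.group("cmd").strip() if m else None


def classify(cmdline: str) -> Optional[str]:
    """Return the first matching behaviour label for a command line, or None if benign."""
    for label, rx in RULES:
        if rx.search(cmdline):
            return label
    return None


# Constructed sample telemetry: (source, raw record). Sysmon records carry the
# command line directly; ESXi records are raw shell.log lines.
SAMPLE_EVENTS: List[Tuple[str, str]] = [
    ("sysmon", "net stop MSSQLSERVER"),
    ("sysmon", "sc.exe stop MSExchangeIS"),
    ("sysmon", "bcdedit /set {default} recoveryenabled no"),
    ("sysmon", "bcdedit /set {default} bootstatuspolicy ignoreallfailures"),
    ("sysmon", "C:\\Windows\\System32\\svchost.exe -k netsvcs"),
    ("esxi-shell", "2024-09-02T10:01:12Z shell[2099123]: [root]: esxcli vm process list"),
    ("esxi-shell", "2024-09-02T10:01:13Z shell[2099123]: [root]: esxcli vm process kill --type=force --world-id=2101234"),
    ("esxi-shell", "2024-09-02T10:05:40Z shell[2099123]: [root]: esxcli storage filesystem list"),
]


def triage(events: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Run every event through the rules; return (source, label, command) for each hit."""
    hits: List[Tuple[str, str, str]] = []
    for source, record in events:
        cmd = command_from_shell_log(record) if source == "esxi-shell" else record
        if cmd is None:
            continue
        label = classify(cmd)
        if label is not None:
            hits.append((source, label, cmd))
    return hits


if __name__ == "__main__":
    for source, label, cmd in triage(SAMPLE_EVENTS):
        print(f"[{source}] {label}: {cmd}")
```

Note that `esxcli vm process list` is routine administration on its own; the signal is the sequence (enumerate, then force-kill several worlds in quick succession, then heavy write activity on the datastore), so in production these labels should feed a correlation rule rather than alert individually.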

File Information

├── Abyss_Linux
│   ├── 6f9046f4bc6517d47150caa3d6ddbc327cced5eecd86e8699d105beef388c3c0  elf_
│   └── 72310e31280b7e90ebc9a32cb33674060a3587663c0334daef76c2ae2cc2a462  elf_
└── Abyss_Windows
    ├── 0079fb42859d04096cf9d6aaaaf6a463bd723b1fb7625d4137cc88b890dbec51  exe_
    ├── 00fb27c489126cb61a2908f0ce15961c4af4681985e233cdac4f021fb3735ad0  exe_
    ├── 03f9dccb15e19b5af71d1c831f963e834c41a42777b270bd1d60230f88fe6a95  exe_
    ├── 056220ff4204783d8cc8e596b3fc463a2e6b130db08ec923f17c9a78aa2032da  exe_
    ├── 07532f7b226afb8e4a931d9e51da41a6c163c4b59b7472682999ce795fd48ca1  exe_
    ├── 0763e887924f6c7afad58e7675ecfe34ab615f4bd8f569759b1c33f0b6d08c64  exe_
    ├── 0d2c958ee0a7a8667b93d0f9aaa265a32fbd44f3af0aaca9dfe93bfd0253d035  exe_
    ├── 10eddba5af7b55a8bd815fd98184cb703583bee61812fcf3e12f8b220bf3a7c7  exe_
    ├── 112a76c7fb220e0e44f96d833da260cfadb051e64a9311e19f34448eb856341f  exe_
    ├── 1189c8aa073b9630958a1d8fdb81b8a1f6b538962e7b39c1de9071ab25007a23  exe_
    ├── 13158c90fe1a73a8bfec9205dbfe65a5346632a637d92d8aa671737af804e61d  exe_
    ├── 1a31b8e23ccc7933c442d88523210c89cebd2c199d9ebb88b3d16eacbefe4120  exe_
    ├── 1d04d9a8eeed0e1371afed06dcc7300c7b8ca341fe2d4d777191a26dabac3596  exe_
    ├── 25ce2fec4cd164a93dee5d00ab547ebe47a4b713cced567ab9aca4a7080afcb7  exe_
    ├── 2cc6aeea99c5c45d16a4d84bf9c87c1fac3c3a390214179331d7049457ee7621  exe_
    ├── 2e42b9ded573e97c095e45dad0bdd2a2d6a0a99e4f7242695054217e2bba6829  exe_
    ├── 362a16c5e86f13700bdf2d58f6c0ab26e289b6a5c10ad2769f3412ec0b2da711  exe_
    ├── 3b2687884f2cc8710fabcfa39264a6fa2056d5178b1a9aba027a74abdf273ed6  exe_
    ├── 3fd080ef4cc5fbf8bf0e8736af00af973d5e41c105b4cd69522a0a3c34c96b6d  exe_
    ├── 505934035dfcff6afabc9c29c10e1aa30187207f7c805ea10d24621d09db9277  exe_
    ├── 62069d85d187ffc78dc0c8b108098016b7631b5cc7501e30be3d1515eddd781a  exe_
    ├── 68cbeaccb231459ceb604934f9b4cb6fc3b51901293db9d8464074e350f11bc2  exe_
    ├── 822c77cc025d12b267cf598a3bdff207b1ba278e96126590ac60d88701cd840a  exe_
    ├── 877c8a1c391e21727b2cdb2f87c7b0b37fb7be1d8dd2d941f5c20b30eb65ee97  exe_
    ├── 88f16d251a88b9429ca9a99d4fb3083081ff55fb7cedfb32213b4bca011e9ce7  exe_
    ├── 9243bdcbe30fbd430a841a623e9e1bcc894e4fdc136d46e702a94dad4b10dfdc  exe_
    ├── 94fa7d8eefce262cb2386b8fff2e1f35c8f35d570cecef54515207b9df40d97d  exe_
    ├── b524773160f3cb3bfb96e7704ef31a986a179395d40a578edce8257862cafe5f  exe_
    ├── ba7c611f8c14a5651b33405a521e189ad17210b36633972700540ba2056564a0  exe_
    ├── d58c756206dcf233d853ddf3c7c7cfd7b2052637211f442b10b93995e969f0d7  exe_
    ├── dced334f3d9739ef157ead80133d584af782e22e87d227a5ed83bf968f17d367  exe_
    ├── dee2af08e1f5bb89e7bad79fae5c39c71ff089083d65da1c03c7a4c051fabae0  exe_
    ├── e331eac881cbd0c473dfc63de47e9cead852625658ab7e602f9ed5128b65c6a4  exe_
    ├── e5417c7a24aa6f952170e9dfcfdf044c2a7259a03a7683c3ddb72512ad0cd5c7  exe_
    ├── e63420bc4a633d9e44e146ceeee17584e752b3e6fd9700137373746461d7b378  exe_
    ├── e6537d30d66727c5a306dc291f02ceb9d2b48bffe89dd5eff7aa2d22e28b6d7c  exe_
    └── f88f90760aa5f3bfa3977b5f388db814b767878dc6b9d45929c1ee94d7f5c57d  exe_
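The listing above names each sample by its SHA-256 with a neutered `elf_`/`exe_` suffix, which makes it directly usable as a hash IOC set. The following is an added example, not a script from this post: it parses the tree as printed (embedded verbatim), keeps the platform from the enclosing `Abyss_Linux`/`Abyss_Windows` directory, and hashes every file under a directory to report matches. The `scan_directory` and `parse_listing` names are this example's own; the scanned files in the usage are whatever you point it at.

```python
import hashlib
import re
from pathlib import Path
from typing import Dict, List, Tuple

# The file tree exactly as printed in this post (SHA-256, then the neutered extension).
LISTING = """\
├── Abyss_Linux
│   ├── 6f9046f4bc6517d47150caa3d6ddbc327cced5eecd86e8699d105beef388c3c0  elf_
│   └── 72310e31280b7e90ebc9a32cb33674060a3587663c0334daef76c2ae2cc2a462  elf_
└── Abyss_Windows
    ├── 0079fb42859d04096cf9d6aaaaf6a463bd723b1fb7625d4137cc88b890dbec51  exe_
    ├── 00fb27c489126cb61a2908f0ce15961c4af4681985e233cdac4f021fb3735ad0  exe_
    ├── 03f9dccb15e19b5af71d1c831f963e834c41a42777b270bd1d60230f88fe6a95  exe_
    ├── 056220ff4204783d8cc8e596b3fc463a2e6b130db08ec923f17c9a78aa2032da  exe_
    ├── 07532f7b226afb8e4a931d9e51da41a6c163c4b59b7472682999ce795fd48ca1  exe_
    ├── 0763e887924f6c7afad58e7675ecfe34ab615f4bd8f569759b1c33f0b6d08c64  exe_
    ├── 0d2c958ee0a7a8667b93d0f9aaa265a32fbd44f3af0aaca9dfe93bfd0253d035  exe_
    ├── 10eddba5af7b55a8bd815fd98184cb703583bee61812fcf3e12f8b220bf3a7c7  exe_
    ├── 112a76c7fb220e0e44f96d833da260cfadb051e64a9311e19f34448eb856341f  exe_
    ├── 1189c8aa073b9630958a1d8fdb81b8a1f6b538962e7b39c1de9071ab25007a23  exe_
    ├── 13158c90fe1a73a8bfec9205dbfe65a5346632a637d92d8aa671737af804e61d  exe_
    ├── 1a31b8e23ccc7933c442d88523210c89cebd2c199d9ebb88b3d16eacbefe4120  exe_
    ├── 1d04d9a8eeed0e1371afed06dcc7300c7b8ca341fe2d4d777191a26dabac3596  exe_
    ├── 25ce2fec4cd164a93dee5d00ab547ebe47a4b713cced567ab9aca4a7080afcb7  exe_
    ├── 2cc6aeea99c5c45d16a4d84bf9c87c1fac3c3a390214179331d7049457ee7621  exe_
    ├── 2e42b9ded573e97c095e45dad0bdd2a2d6a0a99e4f7242695054217e2bba6829  exe_
    ├── 362a16c5e86f13700bdf2d58f6c0ab26e289b6a5c10ad2769f3412ec0b2da711  exe_
    ├── 3b2687884f2cc8710fabcfa39264a6fa2056d5178b1a9aba027a74abdf273ed6  exe_
    ├── 3fd080ef4cc5fbf8bf0e8736af00af973d5e41c105b4cd69522a0a3c34c96b6d  exe_
    ├── 505934035dfcff6afabc9c29c10e1aa30187207f7c805ea10d24621d09db9277  exe_
    ├── 62069d85d187ffc78dc0c8b108098016b7631b5cc7501e30be3d1515eddd781a  exe_
    ├── 68cbeaccb231459ceb604934f9b4cb6fc3b51901293db9d8464074e350f11bc2  exe_
    ├── 822c77cc025d12b267cf598a3bdff207b1ba278e96126590ac60d88701cd840a  exe_
    ├── 877c8a1c391e21727b2cdb2f87c7b0b37fb7be1d8dd2d941f5c20b30eb65ee97  exe_
    ├── 88f16d251a88b9429ca9a99d4fb3083081ff55fb7cedfb32213b4bca011e9ce7  exe_
    ├── 9243bdcbe30fbd430a841a623e9e1bcc894e4fdc136d46e702a94dad4b10dfdc  exe_
    ├── 94fa7d8eefce262cb2386b8fff2e1f35c8f35d570cecef54515207b9df40d97d  exe_
    ├── b524773160f3cb3bfb96e7704ef31a986a179395d40a578edce8257862cafe5f  exe_
    ├── ba7c611f8c14a5651b33405a521e189ad17210b36633972700540ba2056564a0  exe_
    ├── d58c756206dcf233d853ddf3c7c7cfd7b2052637211f442b10b93995e969f0d7  exe_
    ├── dced334f3d9739ef157ead80133d584af782e22e87d227a5ed83bf968f17d367  exe_
    ├── dee2af08e1f5bb89e7bad79fae5c39c71ff089083d65da1c03c7a4c051fabae0  exe_
    ├── e331eac881cbd0c473dfc63de47e9cead852625658ab7e602f9ed5128b65c6a4  exe_
    ├── e5417c7a24aa6f952170e9dfcfdf044c2a7259a03a7683c3ddb72512ad0cd5c7  exe_
    ├── e63420bc4a633d9e44e146ceeee17584e752b3e6fd9700137373746461d7b378  exe_
    ├── e6537d30d66727c5a306dc291f02ceb9d2b48bffe89dd5eff7aa2d22e28b6d7c  exe_
    └── f88f90760aa5f3bfa3977b5f388db814b767878dc6b9d45929c1ee94d7f5c57d  exe_
"""

ENTRY_RE = re.compile(r"([0-9a-fA-F]{64})\s+(elf_|exe_)")
SECTION_RE = re.compile(r"Abyss_(Linux|Windows)")


def parse_listing(text: str) -> Dict[str, str]:
    """Map each SHA-256 in the tree to the platform of the directory it sits under."""
    iocs: Dict[str, str] = {}
    platform = "unknown"
    for line in text.splitlines():
        section = SECTION_RE.search(line)
        if section:
            platform = section.group(1).lower()
            continue
        entry = ENTRY_RE.search(line)
        if entry:
            iocs[entry.group(1).lower()] = platform
    return iocs


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_directory(root: Path, iocs: Dict[str, str]) -> List[Tuple[Path, str, str]]:
    """Return (path, sha256, platform) for every regular file under root whose hash is an IOC."""
    hits: List[Tuple[Path, str, str]] = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = sha256_file(path)
        if digest in iocs:
            hits.append((path, digest, iocs[digest]))
    return hits


if __name__ == "__main__":
    import sys
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for path, digest, platform in scan_directory(target, parse_listing(LISTING)):
        print(f"{digest}  {platform:8s}  {path}")
```

Matching on the full SHA-256 is exact, so it only catches these 39 builds; a recompiled or packed sample will not hit, which is why behavioural detection of the service-stop, bcdedit and esxcli activity described above is the more durable control.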



Source: https://contagiodump.blogspot.com/2024/09/2024-09-02-abyss-ransomware-windows-and.html