Welcome to our

Cyber Security News Aggregator

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

First slide label

Some representative placeholder content for the first slide.

Second slide label

Some representative placeholder content for the second slide.

Third slide label

Some representative placeholder content for the third slide.

2024-09-02 ABYSS Ransomware Windows and Linux Samples

published on 2024-09-03 17:32:00 UTC by Mila
Content:

2024-09-02 SocRadar: Dark Web Profile: Abyss Ransomware

Abyss Ransomware, first identified in 2023, is a sophisticated ransomware strain targeting both Windows and Linux systems, with a specific focus on VMware ESXi environments. It employs advanced encryption techniques, multi-extortion tactics, and strategic network infiltration to disrupt operations across various sectors, including finance, healthcare, and technology.

Key Characteristics:

Target Platforms: Windows, Linux (particularly VMware ESXi)

Encryption: Utilizes the Salsa20 encryption algorithm; appends .abyss or .crypt extensions.

Initial Access Vectors: Phishing emails, weak SSH configurations, and exploiting known vulnerabilities in exposed servers.

Multi-Extortion Tactics: Encrypts files and exfiltrates data, threatening public exposure on a TOR-based leak site if ransom demands are not met.

Windows Variant:

Service Termination: Disables critical services (e.g., MSSQL, Exchange) to ensure encryption success.

Persistence: Alters boot configuration to disable recovery options.

File Encryption: Employs Salsa20; ransom note WhatHappened.txt is dropped in each directory.

Obfuscation: Written in C++, using techniques to evade detection and hinder forensic analysis.

Linux Variant:

VMware ESXi Targeting: Leverages esxcli to manage and shut down virtual machines for encryption.

Selective Encryption: Avoids critical system directories to maintain partial system functionality.

Persistence: Establishes daemon processes to ensure the ransomware remains active post-reboot.

Download

Download (Email me if you need the password scheme)

File Information

├── ├── Abyss_Linux

│ ├── 6f9046f4bc6517d47150caa3d6ddbc327cced5eecd86e8699d105beef388c3c0 elf_

│ └── 72310e31280b7e90ebc9a32cb33674060a3587663c0334daef76c2ae2cc2a462 elf_

└── Abyss_Windows

├── 0079fb42859d04096cf9d6aaaaf6a463bd723b1fb7625d4137cc88b890dbec51 exe_

├── 00fb27c489126cb61a2908f0ce15961c4af4681985e233cdac4f021fb3735ad0 exe_

├── 03f9dccb15e19b5af71d1c831f963e834c41a42777b270bd1d60230f88fe6a95 exe_

├── 056220ff4204783d8cc8e596b3fc463a2e6b130db08ec923f17c9a78aa2032da exe_

├── 07532f7b226afb8e4a931d9e51da41a6c163c4b59b7472682999ce795fd48ca1 exe_

├── 0763e887924f6c7afad58e7675ecfe34ab615f4bd8f569759b1c33f0b6d08c64 exe_

├── 0d2c958ee0a7a8667b93d0f9aaa265a32fbd44f3af0aaca9dfe93bfd0253d035 exe_

├── 10eddba5af7b55a8bd815fd98184cb703583bee61812fcf3e12f8b220bf3a7c7 exe_

├── 112a76c7fb220e0e44f96d833da260cfadb051e64a9311e19f34448eb856341f exe_

├── 1189c8aa073b9630958a1d8fdb81b8a1f6b538962e7b39c1de9071ab25007a23 exe_

├── 13158c90fe1a73a8bfec9205dbfe65a5346632a637d92d8aa671737af804e61d exe_

├── 1a31b8e23ccc7933c442d88523210c89cebd2c199d9ebb88b3d16eacbefe4120 exe_

├── 1d04d9a8eeed0e1371afed06dcc7300c7b8ca341fe2d4d777191a26dabac3596 exe_

├── 25ce2fec4cd164a93dee5d00ab547ebe47a4b713cced567ab9aca4a7080afcb7 exe_

├── 2cc6aeea99c5c45d16a4d84bf9c87c1fac3c3a390214179331d7049457ee7621 exe_

├── 2e42b9ded573e97c095e45dad0bdd2a2d6a0a99e4f7242695054217e2bba6829 exe_

├── 362a16c5e86f13700bdf2d58f6c0ab26e289b6a5c10ad2769f3412ec0b2da711 exe_

├── 3b2687884f2cc8710fabcfa39264a6fa2056d5178b1a9aba027a74abdf273ed6 exe_

├── 3fd080ef4cc5fbf8bf0e8736af00af973d5e41c105b4cd69522a0a3c34c96b6d exe_

├── 505934035dfcff6afabc9c29c10e1aa30187207f7c805ea10d24621d09db9277 exe_

├── 62069d85d187ffc78dc0c8b108098016b7631b5cc7501e30be3d1515eddd781a exe_

├── 68cbeaccb231459ceb604934f9b4cb6fc3b51901293db9d8464074e350f11bc2 exe_

├── 822c77cc025d12b267cf598a3bdff207b1ba278e96126590ac60d88701cd840a exe_

├── 877c8a1c391e21727b2cdb2f87c7b0b37fb7be1d8dd2d941f5c20b30eb65ee97 exe_

├── 88f16d251a88b9429ca9a99d4fb3083081ff55fb7cedfb32213b4bca011e9ce7 exe_

├── 9243bdcbe30fbd430a841a623e9e1bcc894e4fdc136d46e702a94dad4b10dfdc exe_

├── 94fa7d8eefce262cb2386b8fff2e1f35c8f35d570cecef54515207b9df40d97d exe_

├── b524773160f3cb3bfb96e7704ef31a986a179395d40a578edce8257862cafe5f exe_

├── ba7c611f8c14a5651b33405a521e189ad17210b36633972700540ba2056564a0 exe_

├── d58c756206dcf233d853ddf3c7c7cfd7b2052637211f442b10b93995e969f0d7 exe_

├── dced334f3d9739ef157ead80133d584af782e22e87d227a5ed83bf968f17d367 exe_

├── dee2af08e1f5bb89e7bad79fae5c39c71ff089083d65da1c03c7a4c051fabae0 exe_

├── e331eac881cbd0c473dfc63de47e9cead852625658ab7e602f9ed5128b65c6a4 exe_

├── e5417c7a24aa6f952170e9dfcfdf044c2a7259a03a7683c3ddb72512ad0cd5c7 exe_

├── e63420bc4a633d9e44e146ceeee17584e752b3e6fd9700137373746461d7b378 exe_

├── e6537d30d66727c5a306dc291f02ceb9d2b48bffe89dd5eff7aa2d22e28b6d7c exe_

└── f88f90760aa5f3bfa3977b5f388db814b767878dc6b9d45929c1ee94d7f5c57d exe_

Article: 2024-09-02 ABYSS Ransomware Windows and Linux Samples - published 2 months ago.

https://contagiodump.blogspot.com/2024/09/2024-09-02-abyss-ransomware-windows-and.html
Published: 2024 09 03 17:32:00
Received: 2024 09 03 17:49:39
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Views: 0