Clicky

Pages

Tuesday, September 3, 2024

2024-09-02 ABYSS Ransomware Windows and Linux Samples




Abyss Ransomware, first identified in 2023, is a sophisticated ransomware strain targeting both Windows and Linux systems, with a specific focus on VMware ESXi environments. It employs advanced encryption techniques, multi-extortion tactics, and strategic network infiltration to disrupt operations across various sectors, including finance, healthcare, and technology.

Key Characteristics:

Target Platforms: Windows, Linux (particularly VMware ESXi)
Encryption: Utilizes the Salsa20 encryption algorithm; appends .abyss or .crypt extensions.
Initial Access Vectors: Phishing emails, weak SSH configurations, and exploiting known vulnerabilities in exposed servers.
Multi-Extortion Tactics: Encrypts files and exfiltrates data, threatening public exposure on a TOR-based leak site if ransom demands are not met.
Windows Variant:

Service Termination: Disables critical services (e.g., MSSQL, Exchange) to ensure encryption success.
Persistence: Alters boot configuration to disable recovery options.
File Encryption: Employs Salsa20; ransom note WhatHappened.txt is dropped in each directory.
Obfuscation: Written in C++, using techniques to evade detection and hinder forensic analysis.
Linux Variant:

VMware ESXi Targeting: Leverages esxcli to manage and shut down virtual machines for encryption.
Selective Encryption: Avoids critical system directories to maintain partial system functionality.
Persistence: Establishes daemon processes to ensure the ransomware remains active post-reboot.



File Information

├── ├── Abyss_Linux
│   ├── 6f9046f4bc6517d47150caa3d6ddbc327cced5eecd86e8699d105beef388c3c0  elf_
│   └── 72310e31280b7e90ebc9a32cb33674060a3587663c0334daef76c2ae2cc2a462  elf_
└── Abyss_Windows
    ├── 0079fb42859d04096cf9d6aaaaf6a463bd723b1fb7625d4137cc88b890dbec51  exe_
    ├── 00fb27c489126cb61a2908f0ce15961c4af4681985e233cdac4f021fb3735ad0  exe_
    ├── 03f9dccb15e19b5af71d1c831f963e834c41a42777b270bd1d60230f88fe6a95  exe_
    ├── 056220ff4204783d8cc8e596b3fc463a2e6b130db08ec923f17c9a78aa2032da  exe_
    ├── 07532f7b226afb8e4a931d9e51da41a6c163c4b59b7472682999ce795fd48ca1  exe_
    ├── 0763e887924f6c7afad58e7675ecfe34ab615f4bd8f569759b1c33f0b6d08c64  exe_
    ├── 0d2c958ee0a7a8667b93d0f9aaa265a32fbd44f3af0aaca9dfe93bfd0253d035  exe_
    ├── 10eddba5af7b55a8bd815fd98184cb703583bee61812fcf3e12f8b220bf3a7c7  exe_
    ├── 112a76c7fb220e0e44f96d833da260cfadb051e64a9311e19f34448eb856341f  exe_
    ├── 1189c8aa073b9630958a1d8fdb81b8a1f6b538962e7b39c1de9071ab25007a23  exe_
    ├── 13158c90fe1a73a8bfec9205dbfe65a5346632a637d92d8aa671737af804e61d  exe_
    ├── 1a31b8e23ccc7933c442d88523210c89cebd2c199d9ebb88b3d16eacbefe4120  exe_
    ├── 1d04d9a8eeed0e1371afed06dcc7300c7b8ca341fe2d4d777191a26dabac3596  exe_
    ├── 25ce2fec4cd164a93dee5d00ab547ebe47a4b713cced567ab9aca4a7080afcb7  exe_
    ├── 2cc6aeea99c5c45d16a4d84bf9c87c1fac3c3a390214179331d7049457ee7621  exe_
    ├── 2e42b9ded573e97c095e45dad0bdd2a2d6a0a99e4f7242695054217e2bba6829  exe_
    ├── 362a16c5e86f13700bdf2d58f6c0ab26e289b6a5c10ad2769f3412ec0b2da711  exe_
    ├── 3b2687884f2cc8710fabcfa39264a6fa2056d5178b1a9aba027a74abdf273ed6  exe_
    ├── 3fd080ef4cc5fbf8bf0e8736af00af973d5e41c105b4cd69522a0a3c34c96b6d  exe_
    ├── 505934035dfcff6afabc9c29c10e1aa30187207f7c805ea10d24621d09db9277  exe_
    ├── 62069d85d187ffc78dc0c8b108098016b7631b5cc7501e30be3d1515eddd781a  exe_
    ├── 68cbeaccb231459ceb604934f9b4cb6fc3b51901293db9d8464074e350f11bc2  exe_
    ├── 822c77cc025d12b267cf598a3bdff207b1ba278e96126590ac60d88701cd840a  exe_
    ├── 877c8a1c391e21727b2cdb2f87c7b0b37fb7be1d8dd2d941f5c20b30eb65ee97  exe_
    ├── 88f16d251a88b9429ca9a99d4fb3083081ff55fb7cedfb32213b4bca011e9ce7  exe_
    ├── 9243bdcbe30fbd430a841a623e9e1bcc894e4fdc136d46e702a94dad4b10dfdc  exe_
    ├── 94fa7d8eefce262cb2386b8fff2e1f35c8f35d570cecef54515207b9df40d97d  exe_
    ├── b524773160f3cb3bfb96e7704ef31a986a179395d40a578edce8257862cafe5f  exe_
    ├── ba7c611f8c14a5651b33405a521e189ad17210b36633972700540ba2056564a0  exe_
    ├── d58c756206dcf233d853ddf3c7c7cfd7b2052637211f442b10b93995e969f0d7  exe_
    ├── dced334f3d9739ef157ead80133d584af782e22e87d227a5ed83bf968f17d367  exe_
    ├── dee2af08e1f5bb89e7bad79fae5c39c71ff089083d65da1c03c7a4c051fabae0  exe_
    ├── e331eac881cbd0c473dfc63de47e9cead852625658ab7e602f9ed5128b65c6a4  exe_
    ├── e5417c7a24aa6f952170e9dfcfdf044c2a7259a03a7683c3ddb72512ad0cd5c7  exe_
    ├── e63420bc4a633d9e44e146ceeee17584e752b3e6fd9700137373746461d7b378  exe_
    ├── e6537d30d66727c5a306dc291f02ceb9d2b48bffe89dd5eff7aa2d22e28b6d7c  exe_
    └── f88f90760aa5f3bfa3977b5f388db814b767878dc6b9d45929c1ee94d7f5c57d  exe_

No comments:

Post a Comment