Overview

overview

10

Static

static

43b7a60c0e...56.exe

windows7_x64

10

43b7a60c0e...56.exe

windows10_x64

10

Resubmissions

09-06-2024 18:26

240609-w3g2gsdd8v 10

19-07-2021 19:34

210719-85ryxybqhe 10

Analysis

  • max time kernel
    25s
  • max time network
    40s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    19-07-2021 19:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe

  • Size

    402KB

  • MD5

    d285f1366d0d4fdae0b558db690497ea

  • SHA1

    f6f94e2f49cd64a9590963ef3852e135e2b8deba

  • SHA256

    43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856

  • SHA512

    0922a6698c9a63935289fed5f70eff7cd4603c113410e713bcff6039a70edd1b505af503fb0f9e19b21f56cacba1d774c9a51dc275be2a0d67477731c5cc2718

Score
10/10
avoslockerransomware

Malware Config

Extracted

Path

C:\$Recycle.Bin\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note
Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avos2fuj6olp6x36.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Hurry up, as the price may increase in the following days. If you fail to respond in a swift manner, we will leak your files in our press release/blog website accessible at http://avos53nnmi4u6amh.onion/ Message from agent: We have exfiltrated confidential documents, passports scans, social security numbers and financial documents. All data will be leaked if you do not cooperate! Your ID: 168e11dcf2c8e477a570a445a82dec00ed1ae418a6722075b2986ccfd661f2d6
URLs

http://avos2fuj6olp6x36.onion

http://avos53nnmi4u6amh.onion/

Signatures

  • Avoslocker Ransomware

    Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

    ransomwareavoslocker
  • Modifies extensions of user files 7 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe
    "C:\Users\Admin\AppData\Local\Temp\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe"
    1⤵
    • Modifies extensions of user files
    • Suspicious behavior: EnumeratesProcesses
    PID:748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads