Overview

overview

10

Static

static

fb544e1f74...in.exe

windows7_x64

10

fb544e1f74...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.bin

  • Size

    402KB

  • Sample

    210723-1f485ampc6

  • MD5

    76e177a94834b3f7c63257bc8011f60f

  • SHA1

    e2bdef45d8dd4b1811396781b0bc94092d268a88

  • SHA256

    fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f

  • SHA512

    d5bd1f1854f2b7a589c0d9a4f57df30a03c92250f400bb3868facdeca5dcee6f9ee3a72653640a2f2bdafebce3e4db0fe322bfad5045741c43784bc94ef39418

Score
10/10
avoslockerransomware

Malware Config

Extracted

Path

C:\$Recycle.Bin\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note
Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avos2fuj6olp6x36.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Hurry up, as the price may increase in the following days. If you fail to respond in a swift manner, we will leak your files in our press release/blog website accessible at http://avos53nnmi4u6amh.onion/ Your ID: c5c5cc75754e1763b14a0651e339cb3ebf64f8a6567aeb1146c5aa7ffa2d19c0
URLs

http://avos2fuj6olp6x36.onion

http://avos53nnmi4u6amh.onion/

Targets

    • Target

      fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.bin

    • Size

      402KB

    • MD5

      76e177a94834b3f7c63257bc8011f60f

    • SHA1

      e2bdef45d8dd4b1811396781b0bc94092d268a88

    • SHA256

      fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f

    • SHA512

      d5bd1f1854f2b7a589c0d9a4f57df30a03c92250f400bb3868facdeca5dcee6f9ee3a72653640a2f2bdafebce3e4db0fe322bfad5045741c43784bc94ef39418

    Score
    10/10
    avoslockerransomware

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

      ransomwareavoslocker

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks