General

  • Target

    e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a

  • Size

    691KB

  • Sample

    210830-vvgqk7lxre

  • MD5

    228da27a87b611a789086214cf4382ea

  • SHA1

    853d14db0de136b33c90d3171879c4384bc2882e

  • SHA256

    e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a

  • SHA512

    d6179f906fee90d966f016043be9ceffa473552a32c8cc9b6242c754fac5310600329351bd9d4d642ca30e9892103e059b452f3fe12fd956c601db4c9ad3af99

Score
10/10

Malware Config

Extracted

Path

C:\$Recycle.Bin\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note
Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Contact us soon, because those who don't have their data leaked in our press release blog and the price they'll have to pay will go up significantly. The corporations whom don't pay or fail to respond in a swift manner can be found in our blog, accessible at http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion Your ID: 23e2d36f8447f2ca488d38d8e5882879688345ddad10b8cc9db089721b45e907
URLs

http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion

http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion

Targets

    • Target

      e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a

    • Size

      691KB

    • MD5

      228da27a87b611a789086214cf4382ea

    • SHA1

      853d14db0de136b33c90d3171879c4384bc2882e

    • SHA256

      e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a

    • SHA512

      d6179f906fee90d966f016043be9ceffa473552a32c8cc9b6242c754fac5310600329351bd9d4d642ca30e9892103e059b452f3fe12fd956c601db4c9ad3af99

    Score
    10/10
    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

MITRE ATT&CK Matrix

Tasks