General

  • Target

    origin.exe

  • Size

    919KB

  • Sample

    210907-lpxjxaccd7

  • MD5

    044cdd8c2257effbd764b0f8c1f7c617

  • SHA1

    99f26e99abb7b4887efff8f2c7ee1eae76df339f

  • SHA256

    bd88d415032eb24091c352fc0732b31116f44a78d9333037bd7608289608d3cd

  • SHA512

    3846c8d03d3bd28ed13acc7a935f1657943977fa88b7ab00ab7250f3e909c82abb440009ebd6857e8cda42b7161fec876d43752797c7beb9026bd0f9565b953a

Score
10/10

Malware Config

Extracted

Path

C:\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note
Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Contact us soon, because those who don't have their data leaked in our press release blog and the price they'll have to pay will go up significantly. The corporations whom don't pay or fail to respond in a swift manner can be found in our blog, accessible at http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion Your ID: 3276b4d5d73dc9de228691c8193c374f5c83ba83341cf9405130e0095f60437b
URLs

http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion

http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion

Targets

    • Target

      origin.exe

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware that was observed in late June and early July 2021.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.
