run.exe

General

Target: run.exe
Size: 921KB
Sample: 210926-pwcd4aehb8
Score: 10/10
MD5: b76d1d3d2d40366569da67620cf78a87
SHA1: ae23c0227afc973f11d6d08d898a6bb7516418e2
SHA256: 718810b8eeb682fc70df602d952c0c83e028c5a5bfa44c506756980caf2edebb
SHA512: 85991cd78c13546e3fcb9da0574000eb1ff118c05f77d603c19941f3eaab908ab65b57f82dbd20d4c7784d0892ff5ea8ab8c160338d78b5fc76f71e09cec20b5

Malware Config (extracted)

Path: C:\GET_YOUR_FILES_BACK.txt

Ransom Note
AvosLocker Attention! Your systems have been encrypted, and your confidential documents were downloaded. In order to restore your data, you must pay for the decryption key & application. You may do so by visiting us at http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Contact us soon, because those who don't have their data leaked in our press release blog and the price they'll have to pay will go up significantly. The corporations whom don't pay or fail to respond in a swift manner have their data leaked in our blog, accessible at http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion Your ID: a77832c5ecdb671734d285a12860d02ef838e880641a7f9adcdeab6254212c04
URLs

http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion

http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion

Signatures

  • Modifies extensions of user files
    Description: Ransomware generally changes the extension on encrypted files.

  • Sets desktop wallpaper using registry
    TTPs: Defacement, Modify Registry

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10