General

  • Target

    offline.exe

  • Size

    915KB

  • Sample

    210928-xdmq4sceg6

  • MD5

    1bdffb5a5d1986792c5a70ef39bfc5c1

  • SHA1

    e7de910d60ff4f2dbfb7e42d77f0cbbec8ba1fca

  • SHA256

    373a791f058539d72983e38ebe68e98132fcf996d04e9a181145f22a96689386

  • SHA512

    6bceafc9098d42136f8a07a15486441b85c5410e716ce02d71f441ccda3dd75d748d7eb3b16df06eb424c55d289036688b18b1501bfdbf98d826ae6c5595cbab

Score
10/10

Malware Config

Extracted

Path

C:\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note
Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Contact us soon, because those who don't have their data leaked in our press release blog and the price they'll have to pay will go up significantly. The corporations whom don't pay or fail to respond in a swift manner can be found in our blog, accessible at http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion Your ID: fcf1575dad4fc1d9b259dfc17e0ae1c6e1eb7e142247c8410dd740bf8bc7efb1
URLs

http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion

http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion

Targets

    • Target

      offline.exe

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware that was observed in late June and early July 2021.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.
