Overview

overview

10

Static

static

29910ea42c...le.exe

windows7_x64

10

29910ea42c...le.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29910ea42c8e2abb22d5a88053e1725c93a104e61560a2f8d88716d619bcaa08.bin.sample

  • Size

    402KB

  • Sample

    211123-rna76sdea8

  • MD5

    f646ee1e7765458e1ac0d3b9b413a4f4

  • SHA1

    732dee57ca723a008c00bdfae338a9cca4767cd2

  • SHA256

    29910ea42c8e2abb22d5a88053e1725c93a104e61560a2f8d88716d619bcaa08

  • SHA512

    79d6b8c56a80ce3b8a0621050e051160902168620a2b125cd6af2f9a5ec249264af31e7f636c045e3055340cf13e76eb743eb5cb27dc9843b63c852640a6cfc3

Score
10/10
avoslockerransomware

Malware Config

Extracted

Path

C:\$Recycle.Bin\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note
Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avos2fuj6olp6x36.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Hurry up, as the price may increase in the following days. If you fail to respond in a swift manner, we will leak your files in our press release/blog website accessible at http://avos53nnmi4u6amh.onion/ Message from agent: We have exfiltrated confidential documents, passports scans, social security numbers and financial documents. All data will be leaked if you do not cooperate! Your ID: 168e11dcf2c8e477a570a445a82dec00ed1ae418a6722075b2986ccfd661f2d6
URLs

http://avos2fuj6olp6x36.onion

http://avos53nnmi4u6amh.onion/

Targets

    • Target

      29910ea42c8e2abb22d5a88053e1725c93a104e61560a2f8d88716d619bcaa08.bin.sample

    • Size

      402KB

    • MD5

      f646ee1e7765458e1ac0d3b9b413a4f4

    • SHA1

      732dee57ca723a008c00bdfae338a9cca4767cd2

    • SHA256

      29910ea42c8e2abb22d5a88053e1725c93a104e61560a2f8d88716d619bcaa08

    • SHA512

      79d6b8c56a80ce3b8a0621050e051160902168620a2b125cd6af2f9a5ec249264af31e7f636c045e3055340cf13e76eb743eb5cb27dc9843b63c852640a6cfc3

    Score
    10/10
    avoslockerransomware

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

      ransomwareavoslocker

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks