General

  • Target

    decryptor.zip

  • Size

    2.4MB

  • Sample

    220112-hvx6vabee9

  • MD5

    31f8eedc2d82f69ccc726e012416ce33

  • SHA1

    dab33aaf01322e88f79ffddcbc95d1ad9ad97374

  • SHA256

    e737c901b80ad9ed2cd800fec7c2554178c8afab196fb55a0df36acda1324721

  • SHA512

    b4874ee9f12f73556e8e3c85e20a808a735cc31c9adb28914616d3e15fa5cd1e870239e8a52e8550f2fdec8e448634352aac7a39727bba0d6477181c0427b3a2

Score
10/10

Malware Config

Extracted

Path

C:\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note
Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Contact us soon, because those who don't have their data leaked in our press release blog and the price they'll have to pay will go up significantly. The corporations whom don't pay or fail to respond in a swift manner can be found in our blog, accessible at http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion Message from agent: 
RNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTE
RNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTERNSMNOTE
Your ID:
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEApXL7x6RYKIg+gcO/WgqA86kFjeygKNqjvOsSDMkJjVYmwPNI
rgSv40v1tWIsM4gek80yRNO9yWAJBywy/Qytib6pOaxSx5jr6zdKPedxf3leWYeI
J8PsbOvGbh7xcAsE+bx/+yF1GwisiYmY63vuFoyjPJIwucBLdsArnuJ8MtMG/P63
oPS/ixm+RskC099n3qvoKgxkM0kQoUys9hNzFqdw5isk3onj105+Dq6BSLlluJKd
zke6ReIVAi3Kdz7aO2oLJiPxg5SifEFkC/l7yqMkFzfg83UeF36VCZVQTtVy7nxD
xQ/U/HL8aDAeJ+wWQcMh4xd/7CO695KcdW9NSwIDAQABAoIBAB3viiL7V4At9rFg
C7VtBRwRTxH46Jm7xbifB+sMTRAnsGdlHZdu/awwyEqDct/4FyBDFn9hmIthNwD3
PFqQ+q1btB7dUTUQNE+g92vv/pdEDJBCd55KUvL6TjMKokDVnZbaRoXX7epwTVet
b9/b0p593+NLyEkzw/O+naXn8PT48vnFTKX2/iOseyo2D9oq8K9cCMtBJMHAprGq
UqWFGIMb2wIWEs3oYI82mOuXzxts1uBoOxI53D+QifFe45gWwu60iaZjf/VcvvGz
JYY9oNA6G5OP81C4mHSUA9Rp46U73gDa1Em1NaH+gsVQeWs134DjvVahN5acmogR
Nl0Go2ECgYEA5QtZvOqav2NkFolxu4brjZs0AFVQV7GjQW1dfylys/7l5/RGcCKX
ByqMzxoOWcpMOGJv1s4e1JW34EE4WQwflrU/R3JkjBTiA6URaHeq2ZF7EdVCUUa4
J4vWa1WOJ5ye9uR88oVqjsnGcQA/+ickQeT+NPudyTaynNEis1SMdgMCgYEAuOuj
Bv2aNBVYgMdJ2VKBXs/z6ImFQZh1T7FM0wsciTPmXOeuHDs18y3gNQSV5/P1Ad91
u5eFM2CHQ7H1Su0UOz7ZXfSpdFpupv3UVVvZYjy4axTDMnulqjmyFb71PS5m8j5l
n6XFf7pKsAY+Uccya2yhuxG7/JLlSLVyZ9l97RkCgYB0Q626ss/4hMhClGQyD8u0
Jutfm+7bhOVdCdni+bQq4CHt+1ZiB3zoe1XcrtpIA+Nq37Trsdd+i705zYF/2iKS
ytAjQVL+tH8B4KGUiOIl7K4vIDS4sxA5qscd1uEBBITAyL0QEl9DufLMW5ceMQ47
kLTlSjAO+n/yEErwAuQF5wKBgG8IldghuFCjrIOOpgoGn0WFyeeLg2bymyXhyMZD
ururXRvVxNaQuwEsP562BSjEdA3O1ktwXHuP70g3d5iop+g3AZ+Hw6PolN5SNQeX
4fw5h2ZMjjQmyD9g60xhX7F/xjKYQr7Mc70Q572v0gWafOzByo6fxGeQ8Hlq8ann
jtQpAoGBANKSUOsG7ObaB//3NF2dpUepKtHOd+xY+Lhpo1oIqHW6J5rwLjbxGZ6I
rQjXzsS1R9jl81KtWQyPnq7LeO9iqMUxa4+hZ/BKGvn407Z1dphB2PqD/rHPQ0W9
dsZBRVqrnp45pSjeSZZ6JR1RnlFjWeXgtQ9ahNr8yastANg2g3Kg
-----END RSA PRIVATE KEY-----
URLs

http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion

http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion
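The extracted note above deserves a second look during triage: the "Message from agent" field is an unfilled RNSMNOTE template marker, and the "Your ID" slot holds a PEM RSA private key instead of a victim identifier, which is consistent with the decryptor filenames in this archive. The Python below is an added triage helper, not part of this report and not code from the sample: it pulls the .onion URLs out of a note, finds PEM blocks, base64-decodes them and walks the outer DER SEQUENCE to confirm the PKCS#1 RSAPrivateKey layout (version plus eight INTEGERs), reporting the modulus size. The note and key embedded in the code are constructed (dummy onion hostnames, toy RSA parameters); the key is not the one from the report, and no mathematical validity check of the key is performed.

```python
import base64
import re
from typing import Dict, List, Optional

# Regexes for the indicators worth pulling out of an extracted ransom note.
ONION_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion\b")
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def _der_len(n: int) -> bytes:
    """DER length octets (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(v: int) -> bytes:
    """DER INTEGER for a non-negative value (extra 0x00 byte keeps the sign bit clear)."""
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body


def build_toy_pkcs1_pem(p: int, q: int, e: int, d: int) -> str:
    """PKCS#1 RSAPrivateKey PEM from toy parameters. Constructed test input only:
    these numbers are far too small for real use."""
    n = p * q
    fields = [0, n, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    body = b"".join(_der_int(f) for f in fields)
    der = b"\x30" + _der_len(len(body)) + body
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN RSA PRIVATE KEY-----\n" + "\n".join(lines) + "\n-----END RSA PRIVATE KEY-----"


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def inspect_rsa_private_key(pem_body: str) -> Optional[Dict[str, int]]:
    """Structural check of a base64 PEM body: it must decode to one DER SEQUENCE holding
    version (0) plus the eight RSA INTEGERs. Returns modulus size and public exponent,
    or None when the blob is not shaped like a PKCS#1 private key."""
    try:
        der = base64.b64decode("".join(pem_body.split()), validate=True)
        tag, seq, end = _read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            return None
        ints, pos = [], 0
        while pos < len(seq):
            t, v, pos = _read_tlv(seq, pos)
            if t != 0x02:
                return None
            ints.append(int.from_bytes(v, "big"))
    except (ValueError, IndexError):
        return None
    if len(ints) != 9 or ints[0] != 0:
        return None
    return {"modulus_bits": ints[1].bit_length(), "public_exponent": ints[2]}


def parse_note(note: str) -> Dict[str, object]:
    """Extract onion URLs, PEM blocks and template placeholders from a ransom note."""
    keys: List[Dict[str, object]] = []
    for label, body in PEM_RE.findall(note):
        info = inspect_rsa_private_key(body) if label == "RSA PRIVATE KEY" else None
        keys.append({"label": label, "rsa_private_key": info})
    m = re.search(r"Your ID:\s*(\S+)", note)
    return {
        "onion_urls": sorted(set(ONION_RE.findall(note))),
        "keys": keys,
        # A victim-ID slot that starts with a PEM header ships a key, not an ID.
        "id_is_private_key": bool(m and m.group(1).startswith("-----BEGIN")),
        # Unfilled template marker, as seen in the note extracted from this sample.
        "placeholder_note": "RNSMNOTE" * 2 in note,
    }


# Constructed sample mirroring the layout of the extracted note above; the onion
# hostnames are dummies and the key is a toy one, not the key from the report.
SAMPLE_NOTE = (
    "Attention! Your files have been encrypted using AES-256. ... visiting us at "
    f"http://{'a' * 56}.onion. ... accessible at http://{'b' * 56}.onion "
    "Message from agent: " + "RNSMNOTE" * 8 + " Your ID: "
    + build_toy_pkcs1_pem(p=61, q=53, e=17, d=2753)
)

if __name__ == "__main__":
    print(parse_note(SAMPLE_NOTE))
```

To run it against the real note, paste the extracted text into parse_note; the flattened PEM on this page (spaces instead of newlines) is handled because the body is whitespace-stripped before decoding. The "MIIEow" prefix of the page's key decodes to a 0x30 0x82 0x04 0xA3 header, i.e. a 1191-byte SEQUENCE, which is the size of a 2048-bit PKCS#1 key.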

Targets

    • Target

      app/decryptor_avos2.exe

    • Size

      873KB

    • MD5

      841c35b9b28d70519c2bc7dab0bdf1e7

    • SHA1

      f07d22a54ade553ce0fce719c8afc333d20794b2

    • SHA256

      c7307b1cfd6685c2b3a19a7239a40e8afa5432ffe039bb4b3caca8a70ad1eed6

    • SHA512

      81c9644435408b47b88126b663e6725b9d7dddd84e478a2d8844a32d4d6a8ebc8e99ad4a5a6985fc435778da9756e7a917b00ebe422914d850a57176d5e55c4c

    Score
    10/10
    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware family, first observed in late June and early July 2021.

    • Target

      app/linux/decryptor.elf

    • Size

      1.5MB

    • MD5

      a39b4bea47c4d123f8195a3ffb638a1b

    • SHA1

      e60ef891027ac1dade9562f8b1de866186338da1

    • SHA256

      cdca6936b880ab4559d3d96101e38f0cf58b87d07b0c7bf708d078c2bf209460

    • SHA512

      0d18fa871226bfc4b353e14e114b30af174a0161cd5af308d2c9bbe6f9ccca9689d92a6b0c571ba37a322aa92bb37ed8a3264ab61fda84fba0e777225b370215

    Score
    3/10
