Overview

overview

10

Static

static

Avos_18_07...KB.exe

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Avos_18_07_2021_403KB.exe

  • Size

    402KB

  • Sample

    220119-ezfwksfcdj

  • MD5

    de6152b2b3a181509c5d71a332a75043

  • SHA1

    d62c0ad2ec132065c5807c0fe7a4cabcba34cf29

  • SHA256

    01792043e07a0db52664c5878b253531b293754dc6fd6a8426899c1a66ddd61f

  • SHA512

    99df08f8c0d966c1ca866cc414939ee9ff23a044496497edd5c64fb83a7011718183272f9001dec97111a8e8387218632c7ef6a9f00644e01363540002f5b0d4

Score
10/10
avoslockerransomware

Malware Config

Extracted

Path

C:\$Recycle.Bin\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note
Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avos2fuj6olp6x36.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Hurry up, as the price may increase in the following days. If you fail to respond in a swift manner, we will leak your files in our press release/blog website accessible at http://avos53nnmi4u6amh.onion/ Your ID: a897b099bf811da5f3a69ceedd351c4f9afac28b8d72f4544d4d6a521209ad24
URLs

http://avos2fuj6olp6x36.onion

http://avos53nnmi4u6amh.onion/

Targets

    • Target

      Avos_18_07_2021_403KB.exe

    • Size

      402KB

    • MD5

      de6152b2b3a181509c5d71a332a75043

    • SHA1

      d62c0ad2ec132065c5807c0fe7a4cabcba34cf29

    • SHA256

      01792043e07a0db52664c5878b253531b293754dc6fd6a8426899c1a66ddd61f

    • SHA512

      99df08f8c0d966c1ca866cc414939ee9ff23a044496497edd5c64fb83a7011718183272f9001dec97111a8e8387218632c7ef6a9f00644e01363540002f5b0d4

    Score
    10/10
    avoslockerransomware

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

      ransomwareavoslocker

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Loads dropped DLL

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks