Overview

overview

10

Static

static

6cc510a772...a2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.7z

  • Size

    341KB

  • Sample

    220123-rah1vsgaeq

  • MD5

    0b8b52ccdcad80f2bd9f3ac1088bf9c4

  • SHA1

    a1b35bc12d60e6c3eb00dd1174e47b6046a3e72a

  • SHA256

    df480deb191b335dcbc3d4fc5d59594cb38caee2aaef8d877fbbc573de741301

  • SHA512

    0147f02113c6ad29955727f873e2b6206dbbcbf0c129b624ae7b36c340e04288b7547034bc06261b18f123a47b4d575929bb92d618c46d4dd6d5420d2b4ae5e4

Score
10/10
avoslockerpersistenceransomware

Malware Config

Extracted

Path

C:\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note
Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Contact us soon, because those who don't have their data leaked in our press release blog and the price they'll have to pay will go up significantly. The corporations whom don't pay or fail to respond in a swift manner can be found in our blog, accessible at http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion Your ID: 08604a3c44a32c3c2a51182916c1de99605478319605c31f1215e6109c01f9db
URLs

http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion

http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion

Targets

    • Target

      6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2

    • Size

      919KB

    • MD5

      40f2238875fcbd2a92cfefc4846a15a8

    • SHA1

      06dce6a5df6ee0099602863a47e2cdeea4e34764

    • SHA256

      6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2

    • SHA512

      8ab1a2124a67e91a4e1842b5f600f977d3d72d398b64ee690c297a04b733e60e01fe4383a1fdf25bb412bc1294d69c5402bd60159c3125bdfb709d024c8e04b8

    Score
    10/10
    avoslockerpersistenceransomware

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

      ransomwareavoslocker

    • Modifies Installed Components in the registry

      persistence

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks