avoslocker | df480deb191b335dcbc3d4fc5d59594cb38caee2aaef8d877fbbc573de741301

Analysis

max time kernel
91s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-09-2022 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe
Size

919KB
MD5

40f2238875fcbd2a92cfefc4846a15a8
SHA1

06dce6a5df6ee0099602863a47e2cdeea4e34764
SHA256

6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2
SHA512

8ab1a2124a67e91a4e1842b5f600f977d3d72d398b64ee690c297a04b733e60e01fe4383a1fdf25bb412bc1294d69c5402bd60159c3125bdfb709d024c8e04b8
SSDEEP

24576:ID7x8JDwepWTu/g6YvOkAT5OdAP6tfKf2J9lb:Ifx8JDwepWaOvOkANOdS6BT9V

Score

10^/10

avoslocker ransomware

Malware Config

Extracted

Path

C:\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note

Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Contact us soon, because those who don't have their data leaked in our press release blog and the price they'll have to pay will go up significantly. The corporations whom don't pay or fail to respond in a swift manner can be found in our blog, accessible at http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion Your ID: 08604a3c44a32c3c2a51182916c1de99605478319605c31f1215e6109c01f9db

URLs

http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion

http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion

Signatures

Avoslocker Ransomware
Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
ransomware avoslocker

Modifies extensions of user files 6 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe

description	ioc	process
File renamed	C:\Users\Admin\Pictures\EnableApprove.raw => C:\Users\Admin\Pictures\EnableApprove.raw.avos2	6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe
File renamed	C:\Users\Admin\Pictures\RequestEnable.crw => C:\Users\Admin\Pictures\RequestEnable.crw.avos2	6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe
File renamed	C:\Users\Admin\Pictures\SendResume.png => C:\Users\Admin\Pictures\SendResume.png.avos2	6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe
File renamed	C:\Users\Admin\Pictures\ResumeWait.raw => C:\Users\Admin\Pictures\ResumeWait.raw.avos2	6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe
File renamed	C:\Users\Admin\Pictures\DebugPush.png => C:\Users\Admin\Pictures\DebugPush.png.avos2	6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe
File renamed	C:\Users\Admin\Pictures\SubmitRemove.tif => C:\Users\Admin\Pictures\SubmitRemove.tif.avos2	6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe

C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe
"C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe"
1⤵
- Modifies extensions of user files
PID:5044

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads