General

  • Target: 43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.zip
  • Size: 201KB
  • Sample: 221213-jg7c2aec46
  • MD5: 0a235fd10620546cf27de277f2f6051d
  • SHA1: fce65a0727550e4d64fc69cbf54ca5535ba6c7cb
  • SHA256: 91ecad5a2010a6d8b6b738a88a1e3db30bd0e4fbc647cd49ecadebdf0a357643
  • SHA512: 8781a20a5436816791b2106d4d45021bb8698ba437d2d87a89801e0b1b5322da400017702ee49c64cfa520ab8a38b715a81e94e6294836b9dd8cd12ead9548be
  • SSDEEP: 3072:5S7LJq4bClHqBYUc6ufT6fj3HgM1Ct+3smcGkpS3VrE5fJHeK+qjGkBIxJGZGbco:5Shb2K5cc7Abtk4pS3V+flewGXHzco

Score
10/10

Malware Config

Extracted

Path: C:\$Recycle.Bin\GET_YOUR_FILES_BACK.txt

Family: avoslocker

Ransom Note
Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avos2fuj6olp6x36.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Hurry up, as the price may increase in the following days. If you fail to respond in a swift manner, we will leak your files in our press release/blog website accessible at http://avos53nnmi4u6amh.onion/ Message from agent: We have exfiltrated confidential documents, passports scans, social security numbers and financial documents. All data will be leaked if you do not cooperate! Your ID: 168e11dcf2c8e477a570a445a82dec00ed1ae418a6722075b2986ccfd661f2d6
URLs

  • http://avos2fuj6olp6x36.onion
  • http://avos53nnmi4u6amh.onion/

Targets

    • Target: 43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe
    • Size: 402KB
    • MD5: d285f1366d0d4fdae0b558db690497ea
    • SHA1: f6f94e2f49cd64a9590963ef3852e135e2b8deba
    • SHA256: 43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856
    • SHA512: 0922a6698c9a63935289fed5f70eff7cd4603c113410e713bcff6039a70edd1b505af503fb0f9e19b21f56cacba1d774c9a51dc275be2a0d67477731c5cc2718
    • SSDEEP: 12288:L5rxhWsTDzB6BybYxl+xX4VpMDEvqXHRAS0uayw4HxsNI4j:L5rxhW6PB6BybYxlWX/DEv4eow

    Score
    10/10

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware family that was first observed in late June and early July 2021.

    • Modifies extensions of user files

      Ransomware generally changes the extension of the files it encrypts.
