General
-
Target
Roseland.bin
-
Size
807KB
-
Sample
230316-k56l3sab26
-
MD5
19944159dfa94a1b75effd85e6b906dc
-
SHA1
250acf87366f4c0cf91679a0e93dfc79954f0f10
-
SHA256
bff12a83b1fc2e0ad0000ad9b68abc8eada559bb1094caaf5b9f52887df23705
-
SHA512
c791840f59c2fc906c197c43e0e1717b9504cf46177a3688ecbd4937cdbf95349d68cc1e63649b85f02df4e6990c4df4756dd8267b062ea5271dd61fc3e508b0
-
SSDEEP
12288:0Z4s3rg9u/2/oT+NXtHLlP/O+OeO+OeNhBBhhBBAtHg9rjI+LXJ0ivlzkHBDsYA7:u4s+oT+NXBLi0rjFXvyHBlbnCZa8
Static task
static1
Behavioral task
behavioral1
Sample
Roseland.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Roseland.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
Roseland.bin
-
Size
807KB
-
MD5
19944159dfa94a1b75effd85e6b906dc
-
SHA1
250acf87366f4c0cf91679a0e93dfc79954f0f10
-
SHA256
bff12a83b1fc2e0ad0000ad9b68abc8eada559bb1094caaf5b9f52887df23705
-
SHA512
c791840f59c2fc906c197c43e0e1717b9504cf46177a3688ecbd4937cdbf95349d68cc1e63649b85f02df4e6990c4df4756dd8267b062ea5271dd61fc3e508b0
-
SSDEEP
12288:0Z4s3rg9u/2/oT+NXtHLlP/O+OeO+OeNhBBhhBBAtHg9rjI+LXJ0ivlzkHBDsYA7:u4s+oT+NXBLi0rjFXvyHBlbnCZa8
Score10/10-
Avoslocker Ransomware
Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
-
Modifies boot configuration data using bcdedit
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-