Resubmissions

16-03-2023 09:24

230316-ldhxdaab62 10

16-03-2023 09:12

230316-k56l3sab26 10

30-01-2023 14:58

230130-sb9ewaag73 9

30-01-2023 14:44

230130-r4m7nscd8s 9

13-01-2023 09:23

230113-lcgmxsfh22 9

General

  • Target

    Roseland.bin

  • Size

    807KB

  • Sample

    230316-k56l3sab26

  • MD5

    19944159dfa94a1b75effd85e6b906dc

  • SHA1

    250acf87366f4c0cf91679a0e93dfc79954f0f10

  • SHA256

    bff12a83b1fc2e0ad0000ad9b68abc8eada559bb1094caaf5b9f52887df23705

  • SHA512

    c791840f59c2fc906c197c43e0e1717b9504cf46177a3688ecbd4937cdbf95349d68cc1e63649b85f02df4e6990c4df4756dd8267b062ea5271dd61fc3e508b0

  • SSDEEP

    12288:0Z4s3rg9u/2/oT+NXtHLlP/O+OeO+OeNhBBhhBBAtHg9rjI+LXJ0ivlzkHBDsYA7:u4s+oT+NXBLi0rjFXvyHBlbnCZa8

Malware Config

Targets

    • Target

      Roseland.bin

    • Size

      807KB

    • MD5

      19944159dfa94a1b75effd85e6b906dc

    • SHA1

      250acf87366f4c0cf91679a0e93dfc79954f0f10

    • SHA256

      bff12a83b1fc2e0ad0000ad9b68abc8eada559bb1094caaf5b9f52887df23705

    • SHA512

      c791840f59c2fc906c197c43e0e1717b9504cf46177a3688ecbd4937cdbf95349d68cc1e63649b85f02df4e6990c4df4756dd8267b062ea5271dd61fc3e508b0

    • SSDEEP

      12288:0Z4s3rg9u/2/oT+NXtHLlP/O+OeO+OeNhBBhhBBAtHg9rjI+LXJ0ivlzkHBDsYA7:u4s+oT+NXBLi0rjFXvyHBlbnCZa8

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks