Resubmissions

11-05-2023 15:49

230511-s9f6zsad87 10

11-05-2023 15:45

230511-s7b49agc64 10

03-05-2023 23:25

230503-3edsgsba4x 10

03-05-2023 11:43

230503-nv3n8aee94 10

General

  • Target

    Avos2.zip

  • Size

    371KB

  • Sample

    230511-s9f6zsad87

  • MD5

    c9f97820c06f85a39359d97489379925

  • SHA1

    631206da423a9f5a5b973831e1c7efb84c8e493e

  • SHA256

    1198fb9117776809b11a19000161377384957bee846f7b25a610fc8ca082eb37

  • SHA512

    a18c9bdea81b2076e6eda79a72aff0fb4cd4b94e76cd0471f0d4c29920d71ec89d6dca0a93cc3b197121ccc9d8d592a53a6abcda523464c7c949d4ad9b1a9c99

  • SSDEEP

    6144:PgbXn1IPkVEerYs94ZmfIOkTJcd/SV16n0Kbfm3b2iM5hoiaquJxv+H:oD1fVjSqkV163ab2iIFaRv+H

Malware Config

Targets

    • Target

      5d6e4bd7bd7239fab20e043fb292974497297af89759b1b0d48d7d006e5e96fa

    • Size

      807KB

    • MD5

      1a23dd405a1bd4e488c5fb54f22e14ff

    • SHA1

      73b1d319fb361e591c2e6a65caaea73186f51193

    • SHA256

      5d6e4bd7bd7239fab20e043fb292974497297af89759b1b0d48d7d006e5e96fa

    • SHA512

      b9ff21124e04ec7c9e5159cc7cc8ce1110b35941c7a1235b4bd55911ad17c03ace3ce1173e784e6154b09a6eb21da880b7f54886bda589e6293e69d92337f80b

    • SSDEEP

      12288:0Z4s3rg9u/2/oT+NXtHLlP/O+OeO+OeNhBBhhBBAtHg9rjI+LXJ0ivlzkHBDsYA:u4s+oT+NXBLi0rjFXvyHBlb4CZa8

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks