General

  • Target

    208c45f500c299bc4ebd80d1e230cc41

  • Size

    402KB

  • Sample

    231225-qc14sahfd2

  • MD5

    208c45f500c299bc4ebd80d1e230cc41

  • SHA1

    1c0b42efd324cab1625423b5634ee4b67ad62ac5

  • SHA256

    97820cf8de59555d2d333ac724c6a72c610b8c537f35139ebb1a5a362e68f789

  • SHA512

    d34d6ffcb4751f0a5391fd08cd6c78ceb6bdcc9c4346b28cd8c0e00a1ab810e1990dd752b70852aaed73738c888e6d0d73485c1e58582e8d0aedc106551e2637

  • SSDEEP

    12288:L5rxhWsTDzB6BybYxl+xX4VpMDEvqXHRAS0uayw4HUsNI4j:L5rxhW6PB6BybYxlWX/DEv4eNw

Score
10/10

Malware Config

Extracted

Path

F:\$RECYCLE.BIN\S-1-5-21-1603059206-2004189698-4139800220-1000\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note
Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avos2fuj6olp6x36.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Hurry up, as the price may increase in the following days. If you fail to respond in a swift manner, we will leak your files in our press release/blog website accessible at http://avos53nnmi4u6amh.onion/ Message from agent: Data from HIBSSERV1118 was exfiltrated. This data will be leaked if we can't get a word back from you in 3 days. Your ID: 2aa81efb15920446a7e920d80afd1e9397a787295456bd5518c1f096345e61e1
URLs

http://avos2fuj6olp6x36.onion

http://avos53nnmi4u6amh.onion/

Targets

    • Target

      208c45f500c299bc4ebd80d1e230cc41

    • Size

      402KB

    • MD5

      208c45f500c299bc4ebd80d1e230cc41

    • SHA1

      1c0b42efd324cab1625423b5634ee4b67ad62ac5

    • SHA256

      97820cf8de59555d2d333ac724c6a72c610b8c537f35139ebb1a5a362e68f789

    • SHA512

      d34d6ffcb4751f0a5391fd08cd6c78ceb6bdcc9c4346b28cd8c0e00a1ab810e1990dd752b70852aaed73738c888e6d0d73485c1e58582e8d0aedc106551e2637

    • SSDEEP

      12288:L5rxhWsTDzB6BybYxl+xX4VpMDEvqXHRAS0uayw4HUsNI4j:L5rxhW6PB6BybYxlWX/DEv4eNw

    Score
    10/10
    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

    • Renames multiple (96) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

MITRE ATT&CK Matrix

Tasks