General

  • Target

    f810deb1ba171cea5b595c6d3f816127fb182833f7a08a98de93226d4f6a336f.zip

  • Size

    422KB

  • Sample

    240105-cswbksgbbr

  • MD5

    7c7ea973308c53a49eb6451c40c3da93

  • SHA1

    b62586e000d4d05bee78b822af67a64fc5031ce8

  • SHA256

    d3470cbf411c34cb8fd2b21b7ab70ece9aff8b28e7b50722013ebfcfb26c954b

  • SHA512

    ddabaf72d3ad2e09565c3fdc6cbed5ee88fe213f78324fdfca423d44ad857bfb09fecb046d25ae405de11c5bc7062e654c9ee7b2aab3bf63ea587f92d851b151

  • SSDEEP

    6144:28d+pVb7UOjQqTHBfiI2Z4XWAtKK8xlW8k1Li8bWuLaVTEJfyrIP3sdQwyeq:rY5rjDTHUf4mXM1Qu1J3t7

Score
10/10

Malware Config

Extracted

Path

C:\GET_YOUR_FILES_BACK.txt

Ransom Note
AvosLocker Attention! Your systems have been encrypted, and your confidential documents were downloaded. In order to restore your data, you must pay for the decryption key & application. You may do so by visiting us at http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Contact us soon, because those who don't have their data leaked in our press release blog and the price they'll have to pay will go up significantly. The corporations whom don't pay or fail to respond in a swift manner have their data leaked in our blog, accessible at http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion Additional notes from attackers responsible: We have dumped 120GB from your networks which is contain your sensitive data such as : -Personal Infos -Customers Infos (Their Contacts) -Financial -HR -Pictures (Signatures, ID, Passports,...) -Documents(Personal,Contracts,...) in order to prevent of leaking these data and also prevent of more attacks you're gonna have to contact us using below information.you have only 8 days before any incidents happens. Your ID: 7fea6ca54ef9ca028caf1e750b1c5510e65e315450898444eb8e8c1ec2d57426
URLs

http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion

http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion

Targets

    • Target

      f810deb1ba171cea5b595c6d3f816127fb182833f7a08a98de93226d4f6a336f.exe

    • Size

      921KB

    • MD5

      27fc2796210dc3bfdede6a69ac8fa3dd

    • SHA1

      b86ece05d5adbd421b0e50709ce95d25a79ea46e

    • SHA256

      f810deb1ba171cea5b595c6d3f816127fb182833f7a08a98de93226d4f6a336f

    • SHA512

      983ba7f22cf07abc2348e22b40dc27d0e94f58d5f30d9a7b3e3930f84605f1993b7239c3ed514f0a8d0718f9eb0e66220856b1259d23ed9934e5efc81143528d

    • SSDEEP

      24576:SnkXEg1ZlhKG+WWZtCpDCE5Ie534SCeTpOl13GHlI:SkXEg1ZlIzZtCpGE5j5oSHOlxmlI

    Score
    10/10
    • Avoslocker Ransomware

Avoslocker is a relatively new ransomware family that was first observed in late June and early July 2021.

    • Renames multiple (198) files with added filename extension

This suggests ransomware activity: the sample is encrypting files across the system and appending its own extension to each.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks