Overview

overview

10

Static

static

3

de6152b2b3...43.exe

windows7-x64

10

de6152b2b3...43.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    de6152b2b3a181509c5d71a332a75043

  • Size

    402KB

  • Sample

    240325-ta8mmacc58

  • MD5

    de6152b2b3a181509c5d71a332a75043

  • SHA1

    d62c0ad2ec132065c5807c0fe7a4cabcba34cf29

  • SHA256

    01792043e07a0db52664c5878b253531b293754dc6fd6a8426899c1a66ddd61f

  • SHA512

    99df08f8c0d966c1ca866cc414939ee9ff23a044496497edd5c64fb83a7011718183272f9001dec97111a8e8387218632c7ef6a9f00644e01363540002f5b0d4

  • SSDEEP

    12288:L5rxhWsTDzB6BybYxl+xX4VpMDEvqXHRAS0uayw4H5qsNI4j:L5rxhW6PB6BybYxlWX/DEv4eZw

Score
10/10
avoslockerransomware

Malware Config

Extracted

Path

C:\MSOCache\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note
Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avos2fuj6olp6x36.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Hurry up, as the price may increase in the following days. If you fail to respond in a swift manner, we will leak your files in our press release/blog website accessible at http://avos53nnmi4u6amh.onion/ Your ID: a897b099bf811da5f3a69ceedd351c4f9afac28b8d72f4544d4d6a521209ad24
URLs

http://avos2fuj6olp6x36.onion

http://avos53nnmi4u6amh.onion/

Targets

    • Target

      de6152b2b3a181509c5d71a332a75043

    • Size

      402KB

    • MD5

      de6152b2b3a181509c5d71a332a75043

    • SHA1

      d62c0ad2ec132065c5807c0fe7a4cabcba34cf29

    • SHA256

      01792043e07a0db52664c5878b253531b293754dc6fd6a8426899c1a66ddd61f

    • SHA512

      99df08f8c0d966c1ca866cc414939ee9ff23a044496497edd5c64fb83a7011718183272f9001dec97111a8e8387218632c7ef6a9f00644e01363540002f5b0d4

    • SSDEEP

      12288:L5rxhWsTDzB6BybYxl+xX4VpMDEvqXHRAS0uayw4H5qsNI4j:L5rxhW6PB6BybYxlWX/DEv4eZw

    Score
    10/10
    avoslockerransomware

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

      ransomwareavoslocker

    • Renames multiple (70) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks