Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
25-03-2024 15:52
General
-
Target
de6152b2b3a181509c5d71a332a75043.exe
-
Size
402KB
-
MD5
de6152b2b3a181509c5d71a332a75043
-
SHA1
d62c0ad2ec132065c5807c0fe7a4cabcba34cf29
-
SHA256
01792043e07a0db52664c5878b253531b293754dc6fd6a8426899c1a66ddd61f
-
SHA512
99df08f8c0d966c1ca866cc414939ee9ff23a044496497edd5c64fb83a7011718183272f9001dec97111a8e8387218632c7ef6a9f00644e01363540002f5b0d4
-
SSDEEP
12288:L5rxhWsTDzB6BybYxl+xX4VpMDEvqXHRAS0uayw4H5qsNI4j:L5rxhW6PB6BybYxlWX/DEv4eZw
Malware Config
Extracted
C:\MSOCache\GET_YOUR_FILES_BACK.txt
avoslocker
http://avos2fuj6olp6x36.onion
http://avos53nnmi4u6amh.onion/
Signatures
-
Avoslocker Ransomware
Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
-
Renames multiple (70) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\de6152b2b3a181509c5d71a332a75043.exe"C:\Users\Admin\AppData\Local\Temp\de6152b2b3a181509c5d71a332a75043.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
913B
MD50237b63f764204e00d7242cc4d908271
SHA19d88e59463e2a963bea95d6a2cc5383e922f2f27
SHA2567bee0aff7241590f5bd35727a1a544a492b7533f1acba685611dd269078d1857
SHA5120daec31046c2704b30760f7aecc944f9591cdf22511e5e9276f3dbc376cc60b04853c3e25abca2e754aeaaaac49c264c7d89d418c832c8275fb5484d51a99b3e