Malware Analysis Report

2024-10-16 03:28

Sample ID 240407-qa5desdf54
Target 6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2
SHA256 6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2
Tags: avoslocker ransomware
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2

Threat Level: Known bad

The file 6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2 was found to be: Known bad.

Malicious Activity Summary

avoslocker ransomware

Avoslocker Ransomware

Renames multiple (197) files with added filename extension

Renames multiple (171) files with added filename extension

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-04-07 13:04

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-07 13:04
Reported: 2024-04-07 13:05
Platform: win7-20240221-en
Max time kernel: 15s
Max time network: 16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe"

Signatures

Avoslocker Ransomware

ransomware avoslocker

Renames multiple (197) files with added filename extension

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe

"C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe"

Network

N/A

Files

C:\Users\Default\Saved Games\GET_YOUR_FILES_BACK.txt

MD5 651c844ad8ffea0473fc70cc13ff2e47
SHA1 f904db3a0e77df893d39cb41fe4297589db82459
SHA256 f55ec710e56442344196f3612207118d89f877a79a6f8028db520631ace0fa0b
SHA512 91ca8247d673d8381ca5edc394e86956844218ae291e20480817a5a93ae6e4573af419e3d571815030a375de16e85fd5ec7693331aa6753fe07b88e15701fcae

Analysis: behavioral2

Detonation Overview

Submitted: 2024-04-07 13:04
Reported: 2024-04-07 13:07
Platform: win10v2004-20240226-en
Max time kernel: 93s
Max time network: 103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe"

Signatures

Avoslocker Ransomware

ransomware avoslocker

Renames multiple (171) files with added filename extension

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe

"C:\Users\Admin\AppData\Local\Temp\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe"

Network

Country Destination Domain Proto
US 138.91.171.81:80 tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

C:\Users\Default\Saved Games\GET_YOUR_FILES_BACK.txt

MD5 651c844ad8ffea0473fc70cc13ff2e47
SHA1 f904db3a0e77df893d39cb41fe4297589db82459
SHA256 f55ec710e56442344196f3612207118d89f877a79a6f8028db520631ace0fa0b
SHA512 91ca8247d673d8381ca5edc394e86956844218ae291e20480817a5a93ae6e4573af419e3d571815030a375de16e85fd5ec7693331aa6753fe07b88e15701fcae