General

  • Target

    2024-05-15_5a739a48184a157401ce7cd8966572a4_avoslocker

  • Size

    2.0MB

  • Sample

    240515-nnentafc6y

  • MD5

    5a739a48184a157401ce7cd8966572a4

  • SHA1

    0791597e3ac5e61df7accf9d5c5c94fc63501b16

  • SHA256

    73beae6766d2b0d738e9ce0744bed53d598b5530e59c8255c726b146d7bab2cf

  • SHA512

    97e7ae5c5f2b7801da6f9bedcae75ec52c7dbaf769aa0f5165c6b75b7b66a34033381d04020ee88dd5d9142aa948eac5da3161fcf8da1a4edf44c9e6defe201b

  • SSDEEP

    49152:rhMMkXElGWNzFO3qAeyLDvMlrY0XK/CDmg27RnWGj:r9zFO3qJvnD527BWG
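The four file hashes above are the report's only host-level IOCs for this sample. The following script is an added example (not part of the Triage report or of the sample) that sweeps a directory, hashes each file once in a single streaming pass with MD5, SHA-1, SHA-256 and SHA-512, and flags any file whose digest matches one of the IOCs listed above. It assumes the hash values exactly as printed in the report and a local filesystem to walk; nothing else is taken from the page.

```python
"""IOC sweep for the hashes listed in the report: hash each candidate file once,
streaming, and compare every digest against the known MD5/SHA1/SHA256/SHA512."""
import hashlib
import os
from pathlib import Path

# Hash IOCs copied verbatim from the report's General section.
IOCS = {
    "md5": "5a739a48184a157401ce7cd8966572a4",
    "sha1": "0791597e3ac5e61df7accf9d5c5c94fc63501b16",
    "sha256": "73beae6766d2b0d738e9ce0744bed53d598b5530e59c8255c726b146d7bab2cf",
    "sha512": "97e7ae5c5f2b7801da6f9bedcae75ec52c7dbaf769aa0f5165c6b75b7b66a340"
              "33381d04020ee88dd5d9142aa948eac5da3161fcf8da1a4edf44c9e6defe201b",
}


def digests(data_or_path, chunk=1 << 20):
    """Compute MD5, SHA-1, SHA-256 and SHA-512 in one pass over the input.

    Accepts raw bytes (handy for tests) or a filesystem path. Files are read in
    1 MiB chunks so a multi-gigabyte file never has to be loaded into memory."""
    hashers = {name: hashlib.new(name) for name in IOCS}
    if isinstance(data_or_path, (bytes, bytearray)):
        blocks = [bytes(data_or_path)]
    else:
        def blocks_from_file():
            with open(data_or_path, "rb") as fh:
                while True:
                    block = fh.read(chunk)
                    if not block:
                        break
                    yield block
        blocks = blocks_from_file()
    for block in blocks:
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(found, iocs=IOCS):
    """Return the sorted list of algorithms whose digest matches a known IOC.

    Comparison is case-insensitive because IOC feeds mix upper- and lower-case
    hex. A hit on one algorithm but not the others for the same file means the
    IOC list itself is inconsistent and should be checked, not the file."""
    return sorted(
        name for name, value in found.items()
        if iocs.get(name, "").lower() == value.lower()
    )


def sweep(root, iocs=IOCS):
    """Walk a directory tree and return {path: matched_algorithms} for every hit."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                matched = match_iocs(digests(path), iocs)
            except OSError:
                # Locked or permission-denied file: skip it rather than abort the sweep.
                continue
            if matched:
                hits[str(path)] = matched
    return hits


if __name__ == "__main__":
    import sys
    for path, algos in sweep(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"IOC hit: {path} ({', '.join(algos)})")
```

Run it as `python sweep.py C:\Users` (or any directory) on a host suspected of contact with the sample; a hit on all four algorithms is the expected shape of a true positive, since all four digests describe the same 2.0MB file.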

Malware Config

Targets

    • Target

      2024-05-15_5a739a48184a157401ce7cd8966572a4_avoslocker

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check so the sample can avoid running in certain locales.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials and session cookies.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks