avoslocker | 09f602b6abe27f0263e87422d890d282c3208d4fb7f41139dcafc9972c36dd35 | Triage

Sharing

General

Target

09f602b6abe27f0263e87422d890d282c3208d4fb7f41139dcafc9972c36dd35
Size

1.1MB
Sample

240529-paxsxaee36
MD5

7dd0ecddec8c2a13b97ebfcd0b7889cb
SHA1

ba26cdd8c21bac8e7b49b419290208c7e91b9df0
SHA256

09f602b6abe27f0263e87422d890d282c3208d4fb7f41139dcafc9972c36dd35
SHA512

1e8097e66dccac8b198af4e000f54c1841d631220562aa94ae950977a34bb79dab89525cc4221c173265c03cbfcd49ebeaab43ee3520f6411fa26686e68e970d
SSDEEP

24576:g7xd22Xurl3uCiwv1CE7nNpdoQbMrLjVvCjkhR8U:4226xtNoQm3V6jM

Score

10^/10

avoslocker execution ransomware

Malware Config

Targets

- Target
  
  09f602b6abe27f0263e87422d890d282c3208d4fb7f41139dcafc9972c36dd35
- Size
  
  1.1MB
- MD5
  
  7dd0ecddec8c2a13b97ebfcd0b7889cb
- SHA1
  
  ba26cdd8c21bac8e7b49b419290208c7e91b9df0
- SHA256
  
  09f602b6abe27f0263e87422d890d282c3208d4fb7f41139dcafc9972c36dd35
- SHA512
  
  1e8097e66dccac8b198af4e000f54c1841d631220562aa94ae950977a34bb79dab89525cc4221c173265c03cbfcd49ebeaab43ee3520f6411fa26686e68e970d
- SSDEEP
  
  24576:g7xd22Xurl3uCiwv1CE7nNpdoQbMrLjVvCjkhR8U:4226xtNoQm3V6jM
Score

10^/10

avoslocker execution ransomware
- Avoslocker Ransomware
  Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
  ransomware avoslocker
- Renames multiple (175) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

avoslockerexecutionransomware

behavioral2

avoslockerexecutionransomware