avoslocker | 05a53b88ceab3708ce07d5c879978265a090975c5ff063b7bea3b045c99b134b | Triage

Sharing

General

Target

05a53b88ceab3708ce07d5c879978265a090975c5ff063b7bea3b045c99b134b
Size

1002KB
Sample

240530-qtm89aac5v
MD5

7152fd25b0f11276a5bc19f2ccce5e75
SHA1

cba080861ab44809569f743a5aef581c0867938e
SHA256

05a53b88ceab3708ce07d5c879978265a090975c5ff063b7bea3b045c99b134b
SHA512

503f0343838c062896ac5d27abfa681ac3e54db05dce691b23327d2f249430a992bb5eba85692fe41b3c09ce65df3ed089d3bd281f41a541bc798a8f10ca7016
SSDEEP

24576:G0XiZc8dyQNFphp8YPeM8LNKW3jGY+zSvxJcYq:7+NTXGM8LNF3jDQSoYq

Score

10^/10

avoslocker defense_evasion evasion execution impact ransomware

Malware Config

Targets

- Target
  
  05a53b88ceab3708ce07d5c879978265a090975c5ff063b7bea3b045c99b134b
- Size
  
  1002KB
- MD5
  
  7152fd25b0f11276a5bc19f2ccce5e75
- SHA1
  
  cba080861ab44809569f743a5aef581c0867938e
- SHA256
  
  05a53b88ceab3708ce07d5c879978265a090975c5ff063b7bea3b045c99b134b
- SHA512
  
  503f0343838c062896ac5d27abfa681ac3e54db05dce691b23327d2f249430a992bb5eba85692fe41b3c09ce65df3ed089d3bd281f41a541bc798a8f10ca7016
- SSDEEP
  
  24576:G0XiZc8dyQNFphp8YPeM8LNKW3jGY+zSvxJcYq:7+NTXGM8LNF3jDQSoYq
Score

10^/10

avoslocker defense_evasion evasion execution impact ransomware
- Avoslocker Ransomware
  Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
  ransomware avoslocker
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Renames multiple (10371) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

avoslockerdefense_evasionevasionexecutionimpactransomware

behavioral2

avoslockerdefense_evasionevasionexecutionimpactransomware