avoslocker | 1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a

General

Target

1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
Size

602KB
MD5

200098f76839127e1c8a490fc97c5088
SHA1

21c7b77f2ab898c25a6677a99b0f0a0dc27c549d
SHA256

1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a
SHA512

f9735134db8d8eb60c7d3cd4bb0d1d17f3066fe11112f3fb71eda76596464fb61515c63dad6b2ddb4cb4c95672c642b344914b668d8cb21b1dd2ef69323f3e38
SSDEEP

12288:rx2s0jR0yePLpyYffiXbXWBq6eOfDTq0UmAlwtK3utfqBB9pcp:rL0jRkckfnBq8fn9UmAx4iH9pcp

Score

10^/10

avoslocker ransomware

Malware Config

Extracted

Path

F:\$RECYCLE.BIN\S-1-5-21-711569230-3659488422-571408806-1000\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note

Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avos2fuj6olp6x36.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Hurry up, as the price may increase in the following days. If you fail to respond in a swift manner, we will leak your files in our press release/blog website accessible at http://avos53nnmi4u6amh.onion/ Your ID: c5c5cc75754e1763b14a0651e339cb3ebf64f8a6567aeb1146c5aa7ffa2d19c0

URLs

http://avos2fuj6olp6x36.onion

http://avos53nnmi4u6amh.onion/

Signatures

Avoslocker Ransomware
Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
ransomware avoslocker
Renames multiple (65) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe

pid	process
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
1168	1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe

C:\Users\Admin\AppData\Local\Temp\1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe
"C:\Users\Admin\AppData\Local\Temp\1463611b7b46fc5489c8ce287caa8e6faf0eef4c429ad996dee3f64c7c39d29a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

F:\$RECYCLE.BIN\S-1-5-21-711569230-3659488422-571408806-1000\GET_YOUR_FILES_BACK.txt

Filesize
913B

MD5
5f379e8e4834e0318a4d32cc0694c25e

SHA1
46a05816fa412f576c695f33e1c876287e2cc939

SHA256
daafd23150d97b38e7478711b69934e662d532083ba10392b5329c4829330eb5

SHA512
23873cebede58ae7264f07634f1131a40a0766e5b65a138e0bc0d2141f5929b89c158b251c1215f08d06caf8c7f20b7a575d32855c0a30a8c201f09e756ebaa8

Download Submit
memory/1168-7-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/1168-2-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/1168-3-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/1168-5-0x0000000000401000-0x000000000044A000-memory.dmp

Filesize
292KB

Download
memory/1168-4-0x0000000002250000-0x000000000228F000-memory.dmp

Filesize
252KB

Download
memory/1168-0-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/1168-6-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/1168-1-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/1168-409-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/1168-467-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/1168-469-0x0000000000401000-0x000000000044A000-memory.dmp

Filesize
292KB

Download
memory/1168-468-0x0000000002250000-0x000000000228F000-memory.dmp

Filesize
252KB

Download

Analysis

Sharing