Malware Analysis Report

2025-01-17 22:46

Sample ID 240603-pxwt5agb75
Target 2024-06-03_06db3580d9182b9c1564b64c3bf17b4f_avoslocker
SHA256 c62241911d2a9500eb1c4fff6b76e781e83f844c74fd22ac305ba8b1ffcc0ecf
Tags
score
3/10

Analysis Overview

score
3/10

SHA256

c62241911d2a9500eb1c4fff6b76e781e83f844c74fd22ac305ba8b1ffcc0ecf

Threat Level: Likely benign

The file 2024-06-03_06db3580d9182b9c1564b64c3bf17b4f_avoslocker was found to be: Likely benign.

Malicious Activity Summary
Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 12:43

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 12:43

Reported

2024-06-03 12:45

Platform

win7-20240508-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-03_06db3580d9182b9c1564b64c3bf17b4f_avoslocker.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-03_06db3580d9182b9c1564b64c3bf17b4f_avoslocker.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-03_06db3580d9182b9c1564b64c3bf17b4f_avoslocker.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.meijutt.tw udp
US 8.8.8.8:53 mjtt.tv udp
US 8.8.8.8:53 gitee.com udp
US 172.247.15.234:443 mjtt.tv tcp
HK 182.255.33.134:443 gitee.com tcp
US 172.247.15.234:80 mjtt.tv tcp
US 172.247.15.234:443 mjtt.tv tcp
US 172.247.15.234:443 mjtt.tv tcp
HK 182.255.33.134:443 gitee.com tcp
US 172.247.15.234:443 mjtt.tv tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:43

Reported

2024-06-03 12:45

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-03_06db3580d9182b9c1564b64c3bf17b4f_avoslocker.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-03_06db3580d9182b9c1564b64c3bf17b4f_avoslocker.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-03_06db3580d9182b9c1564b64c3bf17b4f_avoslocker.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.meijutt.tw udp
US 8.8.8.8:53 gitee.com udp
US 8.8.8.8:53 mjtt.tv udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 154.12.59.61:443 www.meijutt.tw tcp
US 172.247.15.234:80 mjtt.tv tcp
HK 182.255.33.134:443 gitee.com tcp
US 172.247.15.234:443 mjtt.tv tcp
US 8.8.8.8:53 www.meijutt.net udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 61.59.12.154.in-addr.arpa udp
US 8.8.8.8:53 234.15.247.172.in-addr.arpa udp
US 8.8.8.8:53 134.33.255.182.in-addr.arpa udp
US 154.12.59.61:443 www.meijutt.net tcp
US 8.8.8.8:53 tanju.vip udp
US 192.74.230.67:443 tanju.vip tcp
US 192.74.230.67:443 tanju.vip tcp
US 192.74.230.67:443 tanju.vip tcp
US 192.74.230.67:443 tanju.vip tcp
US 192.74.230.67:443 tanju.vip tcp
US 192.74.230.67:443 tanju.vip tcp
US 192.74.230.67:443 tanju.vip tcp
US 192.74.230.67:443 tanju.vip tcp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 67.230.74.192.in-addr.arpa udp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\mjtt\p2905858705.jpg

MD5 ccdf5bdbf76fd75de682a4567e6b484c
SHA1 16ba39fb2d0210da18f14d6e9bc0ee5670ba9ab1
SHA256 aea04a765f36a92f0ba7d232f70e41470f7f3f41340e6137059e49c1969f0fe0
SHA512 6c4ea4633268a262e037739a62e1c853246df309b7f02ab4506312d184bb9797cf87895044451fe9f091ed9a3f11058e336aeb74916949c94175192c9d168749

C:\Users\Admin\AppData\Local\Temp\mjtt\20231712101423745.jpg

MD5 d6115405477eb8dbc569358dd346057d
SHA1 47c41b25bc230f71b396c3570010e7c64e6de3df
SHA256 dc2f1475dca92df22005df4a8a92a4183b775005757ee9ef93a0ed5d735ef3a3
SHA512 b497a52b1d15a22d182826172bb1d7ad9f22493118b720acf8cb39746d5b6311fbe1ec7b345674bf4f7f4763fb78ae35b1da0759d7015407613e6712b7ee92b8

C:\Users\Admin\AppData\Local\Temp\mjtt\p2908534568.jpg

MD5 0e7da67f85e16d94ec93208d11c22e72
SHA1 9b804a76d6b9f22b854aca28c63effab6c8d2d1f
SHA256 4a0e6157035535fbacad80e4e6afddc48975038adbb32e31561b212f10d7a76e
SHA512 ca8152ef6d6d315eb5c94473e90db6b464df6b49ae43aaae2a9ce0bd7cf7b350bb73eeb13ddd293157bef5eadafb382de2a8916358659f36af9572eba6e221cb

C:\Users\Admin\AppData\Local\Temp\mjtt\p2906179172.jpg

MD5 222fe20ee6e84f1356bc2d4e1645fc46
SHA1 966a2749471003911098ca60f7dfe2c5c05f185d
SHA256 9d61c219029026416ada2d654396fb45aa8e3193125d49051663058545bad6bb
SHA512 2c54df685e16208516de5675e38af3d86e312cf44d7ce780dff58fdd060a312f302f3482090090e0679945262202cee0138971422acebb066ef57e2031efaa17

C:\Users\Admin\AppData\Local\Temp\mjtt\p2908516462.jpg

MD5 134565a2bc802f1e5b630d57aca95b4d
SHA1 a25f2a93d0f9c749ed6c5a497d2909e4da6b9213
SHA256 7f4ce587d8affcff5566416eab408072896f0c144c28550a8a3b08c8da9aefca
SHA512 ddc3fd68cfd3dde2a7194ff435104376964dae49540f2f52de5a8a247066e4ac486959a15663864715431ea5be94e02760700c943a95913faa95d894d7baca4a

C:\Users\Admin\AppData\Local\Temp\mjtt\p2907374173.jpg

MD5 bf1485ca470cdf8d864d9b515b59b0fa
SHA1 5447b847d4bf2eef6c7f8f18ca0a2701b7d79551
SHA256 76e01fcee8669022f346fb8efa0522bce6abfb59884a6bfe501de26968e217b4
SHA512 e5612b69f9b661e1fb86a1460ac2dc1e6568005778a094be18116e51f58f48ac3f996e364cf1f9c4eee9a9381666c801e6b6e3b15ae7a24d8e4700856247c10e

C:\Users\Admin\AppData\Local\Temp\mjtt\p2906982540.jpg

MD5 4ef29e20be9851aa1db50d5c94c260ff
SHA1 78546ef3d6ad48c321f29ab9a84fee847e6f22bf
SHA256 5fecdabc24617eeee147f1d9363614573259b8c1f4814cd83459d27138f401c1
SHA512 c6bbdd977c2a9709a2e15fada71a6793e9dbf394ef891b4c68d858b4b3586bdec21107ccb8c79a22a0dad9bbdf91f3de26c7ed6e4c4707ee1f5050c04695a093

C:\Users\Admin\AppData\Local\Temp\mjtt\p2907853602.jpg

MD5 db6e5c5b27ff42c7edf1b9fa9a58949f
SHA1 195c1fb8b16b784a7edd5fa2ff1656d765658ac0
SHA256 c33858e1e4f9a2d3f09aaf6e44e1480b75aaf1111a56b1628e6243c74bb6f1b4
SHA512 1641adca4baa565f0267a372e23daab3ac6e25134775b1469287afef69fefe0733f062980a0ea4d0efadd35b714aaa32be4a20b33d4fd17d2e4a50ac655d6478

C:\Users\Admin\AppData\Local\Temp\mjtt\p2908505766.jpg

MD5 d747f86722840dc51d4cdef4437682e7
SHA1 40f4f612b6a13ebfd4464f1892b6beecea7b64a9
SHA256 9864f5f6e9f0b4bb305fd651747ed23cdcf6cb4640417a9ad37a5c2c165e4a5b
SHA512 1a7992579523e84f770d93eaf09fd0bad340c324b295dc160ca41cba94ccf7a3f685592ee51575cdc38be2ac825ff13a3ccec6344aa906503265fd57f4cb5099