General

  • Target: e76ac2944fb3f66037bc7dd7e83f63bc58099ff2fe31658085c1fdf3d99e3f87
  • Size: 371KB
  • Sample: 240909-t1jfesyblj
  • MD5: fa74601145686e95083492e244eeeb77
  • SHA1: 9de7c348b8bfc11ba8f28ff11f19172f3024987d
  • SHA256: e76ac2944fb3f66037bc7dd7e83f63bc58099ff2fe31658085c1fdf3d99e3f87
  • SHA512: 88c5daf1a48fef42c86756743830f3528068a0a707acc735a8b6949a884110f3fbda38501d0df717e640137f9cb22d50ac3b7006180b59342380f398e20ab2b7
  • SSDEEP: 6144:nQKaNUzDAKK186Wyi/A8FLV5N2PAzR7+bm5LeGfcYtUah13hKF7X5lsCo8d4lGZq:QFy8KK1cyWAeJ5nZ+K7fp3mrN7qleq

Malware Config

Targets

    • Target: AvosLocker.exe
    • Size: 807KB
    • MD5: 8da384b2427b8397a5934182c159c257
    • SHA1: 7bcd2d32a19c1ac7bd014dc9e64b806fdff5f5de
    • SHA256: f8e99bbacc62b0f72aa12f5f92e35607fa0382a881fe4a4b9476fc6b87a03c78
    • SHA512: 3c4b1736efa48a4897769f12df488e60737523eaffc886ecfbd5b7191f058749bdb4a36feb067e8ca0ef418a7602b3390b6cf465412b88a4ba2fce8a4d670a89
    • SSDEEP: 12288:0Z4s3rg9u/2/oT+NXtHLlP/O+OeO+OeNhBBhhBBAtHg9rjI+LXJ0ivlzkHBDsYAu:u4s+oT+NXBLi0rjFXvyHBlb6CZa8

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware family that was observed in late June and early July 2021.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Renames multiple (10405) files with added filename extension

      This suggests ransomware activity: the sample is encrypting all the files on the system.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15
