General
Target: RNSM00475.7z
Size: 54.2MB
Sample: 240924-t874ratdnp
MD5: 8c8b6e8695bd5235c7cb7590bb1c60fc
SHA1: c90a814e4061b6aca686f74f9cf1a3c5822a2b54
SHA256: 1fbfdf74a1a014bf68815f4efbf04acfe304b78d8cc6e2464fc25b0b56752e00
SHA512: 085fef245b52daca6b447e18ac0a0169d0bed23b8be7106ae188ee8b900f21c0aa6627e3759d0e39e710955ce516144a0e55187a2dff4e28bae1c92fc79aafb9
SSDEEP: 786432:sVgbtJA8C96CGC9ARnR8HKw4dHmWIywSF8/M6Jfnm6Y+s6uD+/uAgjpMt9enS//p:sVUr0BbFSFz/aluD+KMt9z/mWJ95rr

Static task: static1
Behavioral task: behavioral1
Sample: RNSM00475.7z
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: RNSM00475.7z (file details as listed under General)
- Avoslocker Ransomware: Avoslocker is a relatively new ransomware that was observed in late June and early July 2021.
- Dharma: Dharma is a ransomware that uses security software installation to hide malicious activities.
- GandCrab payload
- Renames multiple (56) files with added filename extension: This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Uses Tor communications: Malware can proxy its traffic through Tor for more anonymity.
- Sets desktop wallpaper using registry