General
-
Target
ffd933ad53f22a0f10cceb4986087258f72dffdd36999b7014c6b37c157ee45f
-
Size
807KB
-
Sample
241215-agczrazpcj
-
MD5
e27b5291c8fb2dfdeb7f16bb6851df5e
-
SHA1
40207f83b601cd60905c1f807ac0889c80dfe33f
-
SHA256
ffd933ad53f22a0f10cceb4986087258f72dffdd36999b7014c6b37c157ee45f
-
SHA512
2ddbc50cd780ffbf73c354b9b437322eb49cb05bb6f287d54e7dcafb61dc4c4549e37ae2f972f3d240bfa7d2ca485b7583137f1bf038bc901f378cea0c305c6a
-
SSDEEP
12288:0Z4s3rg9u/2/oT+NXtHLlP/O+OeO+OeNhBBhhBBAtHg9rjI+LXJ0ivlzkHBDsYAG:u4s+oT+NXBLi0rjFXvyHBlbmCZa8
Malware Config
Targets
-
-
Target
ffd933ad53f22a0f10cceb4986087258f72dffdd36999b7014c6b37c157ee45f
-
Size
807KB
-
MD5
e27b5291c8fb2dfdeb7f16bb6851df5e
-
SHA1
40207f83b601cd60905c1f807ac0889c80dfe33f
-
SHA256
ffd933ad53f22a0f10cceb4986087258f72dffdd36999b7014c6b37c157ee45f
-
SHA512
2ddbc50cd780ffbf73c354b9b437322eb49cb05bb6f287d54e7dcafb61dc4c4549e37ae2f972f3d240bfa7d2ca485b7583137f1bf038bc901f378cea0c305c6a
-
SSDEEP
12288:0Z4s3rg9u/2/oT+NXtHLlP/O+OeO+OeNhBBhhBBAtHg9rjI+LXJ0ivlzkHBDsYAG:u4s+oT+NXBLi0rjFXvyHBlbmCZa8
Score10/10-
Avoslocker Ransomware
Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
-
Avoslocker family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (10398) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Windows Management Instrumentation
1Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
1