General
-
Target
test.exe
-
Size
1.1MB
-
Sample
241225-cfnqzatqfm
-
MD5
04dbd49522ee24448a45aebf69e88850
-
SHA1
67b8315214cb31fa4b5e013f24884b663768f2cf
-
SHA256
f5880e3ce512f648351291a3728b13adb6c87954f9a88c3070dce9f4c5c5b1f4
-
SHA512
9e30f7160dfe6fed3c4700ba13fffc7f69ae0cba530585bf3ece644b56572cc929652693d51da9a8067435fbc5b675dff12cedf0ad976c5d60d909bbe1e249a7
-
SSDEEP
24576:u4s+oT+NXBLi0rjFXvyHBlbmCZa8pXawp90sQvX:uioT+NXVFjxvMBlbmya8pKU9nQvX
Malware Config
Targets
-
-
Target
test.exe
-
Size
1.1MB
-
MD5
04dbd49522ee24448a45aebf69e88850
-
SHA1
67b8315214cb31fa4b5e013f24884b663768f2cf
-
SHA256
f5880e3ce512f648351291a3728b13adb6c87954f9a88c3070dce9f4c5c5b1f4
-
SHA512
9e30f7160dfe6fed3c4700ba13fffc7f69ae0cba530585bf3ece644b56572cc929652693d51da9a8067435fbc5b675dff12cedf0ad976c5d60d909bbe1e249a7
-
SSDEEP
24576:u4s+oT+NXBLi0rjFXvyHBlbmCZa8pXawp90sQvX:uioT+NXVFjxvMBlbmya8pKU9nQvX
Score10/10-
Avoslocker Ransomware
Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
-
Avoslocker family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (10402) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Windows Management Instrumentation
1Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
1