General
-
Target
sex.exe
-
Size
1.6MB
-
Sample
241229-ahlchswpbj
-
MD5
32d34c51bc6fc4eddb6fdf80ea8c574f
-
SHA1
c3f3f908a927597c114c046d0f2a7ef4e76cb46b
-
SHA256
8c09852891a594c9327627c7fd3a6167281bc6285661510bd6d605adab9b6d6f
-
SHA512
42b5035a13c949c7a170b393437e71fb43f96dce84a40541efaed9a277b77f8001d949d1b2209e3d70a4eb2f517bc5c6f978e54d2a20eaddf591cfe61e28cab5
-
SSDEEP
24576:KImw98okVgela0as5CqLVO7XJCjkD3N0HRAxV0aEhbHdn0TrldepPZ:0L5ljasaUKeaEhDF
Malware Config
Targets
-
-
Target
sex.exe
-
Size
1.6MB
-
MD5
32d34c51bc6fc4eddb6fdf80ea8c574f
-
SHA1
c3f3f908a927597c114c046d0f2a7ef4e76cb46b
-
SHA256
8c09852891a594c9327627c7fd3a6167281bc6285661510bd6d605adab9b6d6f
-
SHA512
42b5035a13c949c7a170b393437e71fb43f96dce84a40541efaed9a277b77f8001d949d1b2209e3d70a4eb2f517bc5c6f978e54d2a20eaddf591cfe61e28cab5
-
SSDEEP
24576:KImw98okVgela0as5CqLVO7XJCjkD3N0HRAxV0aEhbHdn0TrldepPZ:0L5ljasaUKeaEhDF
Score10/10-
Avoslocker Ransomware
Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
-
Avoslocker family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (10418) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Windows Management Instrumentation
1Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
1