General
-
Target
sex.exe
-
Size
1.6MB
-
Sample
241229-akansswmdw
-
MD5
206d771b3ff8a6076a587a6ac75e139a
-
SHA1
c83ce7184a2c75e12401aee9d7f9f3650caf6f1a
-
SHA256
eae2202ccbc0bab903d9923a88368c093ee462e20dd442669e31e12389a14fb2
-
SHA512
b389041cb9353e4a944d0f31e5f1ffc46a48ca3e84e3306503d0d91c41d1f56ae23e8d6cda548765e23633e121305a648936995d4af8cbc8a283f621b9483734
-
SSDEEP
24576:gImw98okVgela0as5CqLVO7XJCjkD3N0HRAxV0aEhbHdn0TrldepPZ:WL5ljasaUKeaEhDF
Malware Config
Targets
-
-
Target
sex.exe
-
Size
1.6MB
-
MD5
206d771b3ff8a6076a587a6ac75e139a
-
SHA1
c83ce7184a2c75e12401aee9d7f9f3650caf6f1a
-
SHA256
eae2202ccbc0bab903d9923a88368c093ee462e20dd442669e31e12389a14fb2
-
SHA512
b389041cb9353e4a944d0f31e5f1ffc46a48ca3e84e3306503d0d91c41d1f56ae23e8d6cda548765e23633e121305a648936995d4af8cbc8a283f621b9483734
-
SSDEEP
24576:gImw98okVgela0as5CqLVO7XJCjkD3N0HRAxV0aEhbHdn0TrldepPZ:WL5ljasaUKeaEhDF
Score10/10-
Avoslocker Ransomware
Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
-
Avoslocker family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (10421) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Windows Management Instrumentation
1Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
1