Overview

overview

10

Static

static

3

sex.exe

windows7-x64

10

sex.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sex.exe

  • Size

    1.6MB

  • Sample

    241229-amjpgswphl

  • MD5

    6bd9e9d6f55a5491d8b24768023ab9d7

  • SHA1

    2a5c3b978530bb2cdc981ccf52dd58a41010bc4e

  • SHA256

    7859dd2f4c9797122bfe2097c5d17279c4050471c67110f95906ac152fec76a2

  • SHA512

    1cd39b1d85bd9ae6d1399cd8d0e4d878b0602cd068750bb349b9c6d143d571baaab81e559e1f8cfb769ad5e1b1e0aad605b1f912ca768c554229215e218f8e18

  • SSDEEP

    24576:1Imw98okVgela0as5CqLVO7XJCjkD3N0HRAxV0aEhbHdn0TrldepPZ:LL5ljasaUKeaEhDF

Score
10/10
avoslockerdefense_evasiondiscoveryevasionexecutionimpactransomwarespywarestealerupx

Malware Config

Targets

    • Target

      sex.exe

    • Size

      1.6MB

    • MD5

      6bd9e9d6f55a5491d8b24768023ab9d7

    • SHA1

      2a5c3b978530bb2cdc981ccf52dd58a41010bc4e

    • SHA256

      7859dd2f4c9797122bfe2097c5d17279c4050471c67110f95906ac152fec76a2

    • SHA512

      1cd39b1d85bd9ae6d1399cd8d0e4d878b0602cd068750bb349b9c6d143d571baaab81e559e1f8cfb769ad5e1b1e0aad605b1f912ca768c554229215e218f8e18

    • SSDEEP

      24576:1Imw98okVgela0as5CqLVO7XJCjkD3N0HRAxV0aEhbHdn0TrldepPZ:LL5ljasaUKeaEhDF

    Score
    10/10
    avoslockerdefense_evasiondiscoveryevasionexecutionimpactransomwareupxspywarestealer

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

      ransomwareavoslocker

    • Avoslocker family

      avoslocker

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Renames multiple (9660) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

      ransomware

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.