Overview

overview

10

Static

static

3

sex.exe

windows7-x64

10

sex.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sex.exe

  • Size

    1.6MB

  • Sample

    241229-amjpgswphl

  • MD5

    6bd9e9d6f55a5491d8b24768023ab9d7

  • SHA1

    2a5c3b978530bb2cdc981ccf52dd58a41010bc4e

  • SHA256

    7859dd2f4c9797122bfe2097c5d17279c4050471c67110f95906ac152fec76a2

  • SHA512

    1cd39b1d85bd9ae6d1399cd8d0e4d878b0602cd068750bb349b9c6d143d571baaab81e559e1f8cfb769ad5e1b1e0aad605b1f912ca768c554229215e218f8e18

  • SSDEEP

    24576:1Imw98okVgela0as5CqLVO7XJCjkD3N0HRAxV0aEhbHdn0TrldepPZ:LL5ljasaUKeaEhDF

Score
10/10
avoslockerdefense_evasiondiscoveryevasionexecutionimpactransomwarespywarestealerupx

Malware Config

Targets

    • Target

      sex.exe

    • Size

      1.6MB

    • MD5

      6bd9e9d6f55a5491d8b24768023ab9d7

    • SHA1

      2a5c3b978530bb2cdc981ccf52dd58a41010bc4e

    • SHA256

      7859dd2f4c9797122bfe2097c5d17279c4050471c67110f95906ac152fec76a2

    • SHA512

      1cd39b1d85bd9ae6d1399cd8d0e4d878b0602cd068750bb349b9c6d143d571baaab81e559e1f8cfb769ad5e1b1e0aad605b1f912ca768c554229215e218f8e18

    • SSDEEP

      24576:1Imw98okVgela0as5CqLVO7XJCjkD3N0HRAxV0aEhbHdn0TrldepPZ:LL5ljasaUKeaEhDF

    Score
    10/10
    avoslockerdefense_evasiondiscoveryevasionexecutionimpactransomwareupxspywarestealer

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

      ransomwareavoslocker

    • Avoslocker family

      avoslocker

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Renames multiple (9660) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

      ransomware

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks