General
-
Target
sex.exe
-
Size
3.2MB
-
Sample
241229-an2axswqcp
-
MD5
8723cc503a22121c16aff46292e93864
-
SHA1
c9a5e6e7e7ddb134a7e16659e344cf5f7f44fe84
-
SHA256
320bfe152dcc772f7a44379e7929d452dc2221b8cec9bc11344068832a143b6a
-
SHA512
f45bfb11d9f69613a89bdadc85ec90cb2e3eaa7cf40380e48a028966bcbd4cb9b6a225a16dc09036c1a65d3db9cabecc0c130c7c5c2605f41e53b4f708ecc6c7
-
SSDEEP
24576:7Imw98okVgela0as5CqLVO7XJCjkD3N0HRAKSUpZr3y2amHY6MdefqTXeZty61ky:9L5ljasaU1Zat81wua7bUScTLTXO+2N
Malware Config
Targets
-
-
Target
sex.exe
-
Size
3.2MB
-
MD5
8723cc503a22121c16aff46292e93864
-
SHA1
c9a5e6e7e7ddb134a7e16659e344cf5f7f44fe84
-
SHA256
320bfe152dcc772f7a44379e7929d452dc2221b8cec9bc11344068832a143b6a
-
SHA512
f45bfb11d9f69613a89bdadc85ec90cb2e3eaa7cf40380e48a028966bcbd4cb9b6a225a16dc09036c1a65d3db9cabecc0c130c7c5c2605f41e53b4f708ecc6c7
-
SSDEEP
24576:7Imw98okVgela0as5CqLVO7XJCjkD3N0HRAKSUpZr3y2amHY6MdefqTXeZty61ky:9L5ljasaU1Zat81wua7bUScTLTXO+2N
Score10/10-
Avoslocker Ransomware
Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
-
Avoslocker family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (10407) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Windows Management Instrumentation
1Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
1