General

  • Target

    sex.exe

  • Size

    3.2MB

  • Sample

    241229-apr4mswqfn

  • MD5

    9e85a92de58c89babecf27e74f85d3f4

  • SHA1

    d955b86d566325a2ac8960b45c2cf336ddac4717

  • SHA256

    4b0f1abf2abfd7a9a291425227844bf98b3aa0ac499268b52f69f297bda90839

  • SHA512

    84e094d097ed6ac187d7d301d6a772ca59cfebc829e63cca70685d7176111a3afbad4ff4908932b0ec436a34a302fd53a4fce97aeda126796daab5b130fc72d9

  • SSDEEP

    24576:8SUpZr3y2amHY6MdefqTXeZty61kSSTKa7WsUS2VSs+stModjGdbzfDUBB355zs/:oZat81wua7bUScTLTXO+2NwL5ljasaU

Malware Config

Targets

    • Target

      sex.exe

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware that was first observed in late June and early July 2021.

    • Avoslocker family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Renames multiple (10416) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks