avoslocker | 62a9b760a2f94f4e1be8784e5d8394bb76e9981a4ae2426237e5b6fdf4538c9a | Triage

Submit
Reports

Overview

overview

Static

static

3

test.exe

windows7-x64

test.exe

windows10-2004-x64

Sharing

General

Target

test.exe
Size

1.6MB
Sample

241229-frpdestkhz
MD5

e02f95741041a4da9ca26d2f20fc28da
SHA1

91555f9e13ab54363f3f4f129cdadb6c225b6c20
SHA256

62a9b760a2f94f4e1be8784e5d8394bb76e9981a4ae2426237e5b6fdf4538c9a
SHA512

921aea6afc16d4036a14b8ad5d7f268d29405979ef83b9b94c0023a9721735b6d7e1ce461c31d5b230c6160906f61f703e73637cf1197b9584bf816617ea3ec1
SSDEEP

24576:/Imw98okVgela0as5CqLVO7XJCjkD3N0HRADV0aEhbHdn0TrldepPZ:ZL5ljasaU4eaEhDF

Score

10^/10

avoslocker defense_evasion discovery evasion execution impact ransomware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

test.exe

Resource

win7-20240903-en

avoslocker defense_evasion discovery evasion execution impact ransomware upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

test.exe

Resource

win10v2004-20241007-en

avoslocker defense_evasion discovery evasion execution impact ransomware upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  test.exe
- Size
  
  1.6MB
- MD5
  
  e02f95741041a4da9ca26d2f20fc28da
- SHA1
  
  91555f9e13ab54363f3f4f129cdadb6c225b6c20
- SHA256
  
  62a9b760a2f94f4e1be8784e5d8394bb76e9981a4ae2426237e5b6fdf4538c9a
- SHA512
  
  921aea6afc16d4036a14b8ad5d7f268d29405979ef83b9b94c0023a9721735b6d7e1ce461c31d5b230c6160906f61f703e73637cf1197b9584bf816617ea3ec1
- SSDEEP
  
  24576:/Imw98okVgela0as5CqLVO7XJCjkD3N0HRADV0aEhbHdn0TrldepPZ:ZL5ljasaU4eaEhDF
Score

10^/10

avoslocker defense_evasion discovery evasion execution impact ransomware upx
- Avoslocker Ransomware
  Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
  ransomware avoslocker
- Avoslocker family
  avoslocker
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Renames multiple (10428) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

avoslockerdefense_evasiondiscoveryevasionexecutionimpactransomwareupx

behavioral2

avoslockerdefense_evasiondiscoveryevasionexecutionimpactransomwareupx

© 2018-2025

Terms | Privacy