General
- Target: test.exe
- Size: 3.2MB
- Sample: 241229-fs7amatlaq
- MD5: b04b6f1b897e829ff58dc99f18be1a8a
- SHA1: 9a99cc16e540e341655a259650caf58ec14956ac
- SHA256: 962da1faf888b28b2ec26fd1ea547fecfb2edc1cf30e64328b18309e98448b11
- SHA512: 7e2f9c691d23288fddad062f4c3e197ab84010c03418088b10060a5c720d34b153937e68b72ba13a6819eefd0d15c8a3e280fb1bbb4771d22566c7fb6838f07b
- SSDEEP: 24576:4Imw98okVgela0as5CqLVO7XJCjkD3N0HRAjSUpZr3y2amHY6MdefqTXeZty61ky:OL5ljasaUoZat81wua7bUScTLTXO+2N
Static task: static1

Behavioral task: behavioral1
- Sample: test.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: test.exe
- Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: test.exe (3.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
- Avoslocker Ransomware: Avoslocker is a relatively new ransomware that was observed in late June and early July 2021.
- Avoslocker family
- Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
- Modifies boot configuration data using bcdedit
- Renames multiple (10382) files with added filename extension: This suggests ransomware activity of encrypting all the files on the system.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15

Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- Windows Management Instrumentation (1)

Defense Evasion
- Direct Volume Access (1)
- Indicator Removal (2)
  - File Deletion (2)
- Modify Registry (1)