avoslocker | c86508858d0d77d2d0e1173048567d2aed229c16be889a8bb663867e263e93d4 | Triage

Submit
Reports

Overview

overview

Static

static

3

c86508858d...4N.exe

windows7-x64

c86508858d...4N.exe

windows10-2004-x64

Sharing

General

Target

c86508858d0d77d2d0e1173048567d2aed229c16be889a8bb663867e263e93d4N.exe
Size

1.1MB
Sample

241230-wannkatqa1
MD5

63f78b94b52347babbb4965413d7c1c0
SHA1

4e80d300969f92bdaf678135b93264b6bd69ffe4
SHA256

c86508858d0d77d2d0e1173048567d2aed229c16be889a8bb663867e263e93d4
SHA512

8c66b90ceabf9d4e29be053c44190926b662998699f091e04136f926371e7dbb3d5670e61b524c787431a25caf464b0906f343e57ab3da6d309413c1b70ced5c
SSDEEP

24576:aImw98okVgela0as5CqLVO7XJCjkD3N0HRA:EL5ljasaU

Score

10^/10

avoslocker defense_evasion discovery evasion execution impact ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c86508858d0d77d2d0e1173048567d2aed229c16be889a8bb663867e263e93d4N.exe

Resource

win7-20240903-en

avoslocker defense_evasion discovery evasion execution impact ransomware

windows7-x64

17 signatures

120 seconds

Behavioral task

behavioral2

Sample

c86508858d0d77d2d0e1173048567d2aed229c16be889a8bb663867e263e93d4N.exe

Resource

win10v2004-20241007-en

avoslocker defense_evasion discovery evasion execution impact ransomware

windows10-2004-x64

19 signatures

120 seconds

Malware Config

Targets

- Target
  
  c86508858d0d77d2d0e1173048567d2aed229c16be889a8bb663867e263e93d4N.exe
- Size
  
  1.1MB
- MD5
  
  63f78b94b52347babbb4965413d7c1c0
- SHA1
  
  4e80d300969f92bdaf678135b93264b6bd69ffe4
- SHA256
  
  c86508858d0d77d2d0e1173048567d2aed229c16be889a8bb663867e263e93d4
- SHA512
  
  8c66b90ceabf9d4e29be053c44190926b662998699f091e04136f926371e7dbb3d5670e61b524c787431a25caf464b0906f343e57ab3da6d309413c1b70ced5c
- SSDEEP
  
  24576:aImw98okVgela0as5CqLVO7XJCjkD3N0HRA:EL5ljasaU
Score

10^/10

avoslocker defense_evasion discovery evasion execution impact ransomware
- Avoslocker Ransomware
  Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
  ransomware avoslocker
- Avoslocker family
  avoslocker
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Renames multiple (10360) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

avoslockerdefense_evasiondiscoveryevasionexecutionimpactransomware

behavioral2

avoslockerdefense_evasiondiscoveryevasionexecutionimpactransomware

© 2018-2025

Terms | Privacy