99959c5141f62d4fbb60efdc05260b6e956651963d29c36845f435815062fd98

General

Target

2025-03-18_3e063dc0de937df5841cb9c2ff3e4651_avoslocker_cobalt-strike_luca-stealer
Size

719KB
Sample

250318-1dktas1ry2
MD5

3e063dc0de937df5841cb9c2ff3e4651
SHA1

e683bfaeb1a695ff9ef1759cf1944fa3bb3b6948
SHA256

99959c5141f62d4fbb60efdc05260b6e956651963d29c36845f435815062fd98
SHA512

9a0d0c04b95bbf8c73beb398cc72fa8e9dc87e3149e8c2f43b05fca4ef8e4410c1d65ed11e50b01d24719ce6a8996448944ab56601ef65116614a17f2e10d23f
SSDEEP

12288:aKRHZl7Lup6ySk3QYktDNYlg2317DJtY7wdD30qoifK/Ke5ABa4QP9+NrMke03f9:aKslHY7wdD30qnfsKxB+ZKX55WsSuFrl

Score

10^/10

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\README.txt

Ransom Note

--= No news is a good news ! =-- Your network has been breached and all your files Personal data, financial reports and important documents has been stolen , encrypted and ready to publish to public, if you willing to continue your bussines and make more money and keep bussines secret safe you need to restore your files first, And to restore all your files you have to pay the ransom in Bitcoin. don't bother your self and wast your time or make it more harder on your bussines , we developed a locker that can't be decrypted using third part decrypters . making your self geek and trying to restore the files with third part decrypter this will leads to lose all your date ! and then the even you pay the ransom can't help you to restore your files even us. to chat with us : 1 - Download tor browser https://www.torproject.org/download/ 2 - go to one of these links above http://vanhelcbxqt4tqie6fuevfng2bsdtxgc7xslo2yo7nitaacdfrlpxnqd.onion http://vanhelqmjstkvlhrjwzgjzpq422iku6wlggiz5y5r3rmfdeiaj3ljaid.onion http://vanhelsokskrlaacilyfmtuqqa5haikubsjaokw47f3pt3uoivh6cgad.onion http://vanheltarnbfjhuvggbncniap56dscnzz5yf6yjmxqivqmb5r2gmllad.onion 3 - you will be asked for your ticket id to enter the chat this for you : TICKET ID 6994669932656897989 usefull links : #OUR TOR BLOG : http://vanhelvuuo4k3xsiq626zkqvp6kobc2abry5wowxqysibmqs5yjh4uqd.onion http://vanhelwmbf2bwzw7gmseg36qqm4ekc5uuhqbsew4eihzcahyq7sukzad.onion http://vanhelxjo52qr2ixcmtjayqqrcodkuh36n7uq7q7xj23ggotyr3y72yd.onion

URLs

http://vanhelcbxqt4tqie6fuevfng2bsdtxgc7xslo2yo7nitaacdfrlpxnqd.onion

http://vanhelqmjstkvlhrjwzgjzpq422iku6wlggiz5y5r3rmfdeiaj3ljaid.onion

http://vanhelsokskrlaacilyfmtuqqa5haikubsjaokw47f3pt3uoivh6cgad.onion

http://vanheltarnbfjhuvggbncniap56dscnzz5yf6yjmxqivqmb5r2gmllad.onion

http://vanhelvuuo4k3xsiq626zkqvp6kobc2abry5wowxqysibmqs5yjh4uqd.onion

http://vanhelwmbf2bwzw7gmseg36qqm4ekc5uuhqbsew4eihzcahyq7sukzad.onion

http://vanhelxjo52qr2ixcmtjayqqrcodkuh36n7uq7q7xj23ggotyr3y72yd.onion

Targets

- Target
  
  2025-03-18_3e063dc0de937df5841cb9c2ff3e4651_avoslocker_cobalt-strike_luca-stealer
- Size
  
  719KB
- MD5
  
  3e063dc0de937df5841cb9c2ff3e4651
- SHA1
  
  e683bfaeb1a695ff9ef1759cf1944fa3bb3b6948
- SHA256
  
  99959c5141f62d4fbb60efdc05260b6e956651963d29c36845f435815062fd98
- SHA512
  
  9a0d0c04b95bbf8c73beb398cc72fa8e9dc87e3149e8c2f43b05fca4ef8e4410c1d65ed11e50b01d24719ce6a8996448944ab56601ef65116614a17f2e10d23f
- SSDEEP
  
  12288:aKRHZl7Lup6ySk3QYktDNYlg2317DJtY7wdD30qoifK/Ke5ABa4QP9+NrMke03f9:aKslHY7wdD30qnfsKxB+ZKX55WsSuFrl
Score

10^/10

credential_access discovery ransomware spyware stealer
- Renames multiple (8362) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2