- First seen: June 2021
- Aliases:
- Samples:
- c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02 | windows | ransom | pe
- 7c935dcd672c4854495f41008120288e8e1c144089f1f06a23bd0a0f52a544b1 | linux | ransom | elf

Property | Value |
---|---|
Size | 941120 bytes |
CRC32 | 0x4addbd73 |
MD5 | 825d6049ba8600ee5fefd817ac5444b4 |
SHA1 | 31c4dfbf7029c5ca8334042faaf906477be1ec17 |
SHA256 | c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02 |
SHA512 | 43f30546ae519a902556412f5d0233a70c90181686e38dfe3c3751e462db91b0d189de1429f44805ba7bc188f5c5ff521eb26288f694f07f5868296f75d61bfa |
Ssdeep | 24576:ID7x8JDwepWTu/g6YvOkAT5OdAP6tfKf2J9ObD:Ifx8JDwepWaOvOkANOdS6BT9gD |
Magic | PE32 executable (console) Intel 80386, for MS Windows |
Packer | PE: compiler: Microsoft Visual C/C++(-)[-] PE: linker: Microsoft Linker(14.27**)[EXE32,console] |
TrID | 32.2% (.EXE) Win64 Executable (generic) (10523/12/4) 20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 15.4% (.EXE) Win16 NE executable (generic) (5038/12/1) 13.7% (.EXE) Win32 Executable (generic) (4505/5/1) 6.2% (.EXE) OS/2 Executable (generic) (2029/13) |
+ Avast: clean
+ Avira: clean
- Bitdefender: DeepScan:Generic.Ransom.AVOSLocker.A.508E1AC6
- Clamav: Win.Ransomware.Deepscan-9938939-0
- Comodo: Malware
- Drweb: Trojan.Encoder.34325
- Eset: Win32/Filecoder.AvosLocker.A
- Fsecure: Heuristic.HEUR/AGEN.1319806
- Kaspersky: HEUR:Trojan-Ransom.Win32.Cryptor.gen
+ Mcafee: clean
+ Sophos: clean
- Symantec: Trojan Horse
+ Trendmicro: clean
- Windefender: Ransom:Win32/AvosLocker.MK!MTB

Property | Value |
---|---|
Size | 1619392 bytes |
CRC32 | 0xd97f377d |
MD5 | e09183041930f37a38d0a776a63aa673 |
SHA1 | 05c63ce49129f768d31c4bdb62ef5fb53eb41b54 |
SHA256 | 7c935dcd672c4854495f41008120288e8e1c144089f1f06a23bd0a0f52a544b1 |
SHA512 | 0b0da0cef40df7319e97fbd8547f12959ee64fffa1e7079bf9a669070f3fad98139b6eb4ee82538ab03ebc93212b0ca3ca0b9981ba9e7a437b2dae07ebcbadf9 |
Ssdeep | 12288:3AY8qwK0cpmqgHqU9oakPK6EcK6E+Hg0rhBZ0AADaWi1x8kMsX3tt0nTolTUEwxC:3AYFwjoa+vi1CNUEwwsgbRTLxMe2l8 |
Magic | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.18, BuildID[sha1]=08d19ba5fee47d6ec41004bd9a5ecd9e6a16fa87, stripped |
Packer | ELF64: library: GLIBC(2.3.4)[executable AMD64-64] ELF64: compiler: gcc(3.X)[executable AMD64-64] |
TrID | 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1) |
+ Avast: clean
- Avira: Linux/Ransom.rxqck
- Bitdefender: Gen:Variant.Ransomware.Linux.AvosLocker.1
+ Clamav: clean
- Comodo: Malware
- Drweb: Linux.Encoder.127
- Eset: Linux/Filecoder.AvosLocker.A
- Fsecure: Malware.LINUX/Ransom.rxqck
- Kaspersky: HEUR:Trojan-Ransom.Linux.Agent.p
- Mcafee: LINUX/Filecoder.b
- Sophos: Linux/Ransm-P
- Symantec: Linux.RansomAvos
+ Trendmicro: clean
- Windefender: Ransom:Linux/AvosLocker.A!MTB