was discovered by Trend Micro researchers to have a new variant that can disable antivirus software and evade detection (The Hacker News).
"This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys). In addition, the ransomware is also capable of scanning multiple endpoints for the Log4j vulnerability (Log4shell) using Nmap NSE script," wrote Trend Micro researchers Alvin Nieto and Christopher Ordonez.
Most AvosLocker attacks between July 2021 and February 2022 targeted the food and beverage industry, followed by organizations in the technology, finance, telecom, and media sectors. The report noted that the attackers gained initial access by exploiting a remote code execution flaw in Zoho ManageEngine ADSelfService Plus.
"The HTA executed an obfuscated PowerShell script that contains a shellcode, capable of connecting back to the [command-and-control] server to execute arbitrary commands," researchers said.
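The three behaviours the researchers describe (a legitimate Avast anti-rootkit driver loaded to kill security tooling, Nmap run with an NSE script to find Log4Shell, and mshta.exe launching obfuscated PowerShell) all leave endpoint telemetry that can be matched directly. The example below is added here and is not code from the article or from Trend Micro; it runs three small rules over constructed Sysmon-style DriverLoad and ProcessCreate events. The hostnames, paths, the allow-list of directories the driver may legitimately load from, and the name of the Log4Shell NSE script are all assumptions made for the example.

```python
import ntpath
import re

# Constructed Sysmon-style events, not taken from the Trend Micro report:
# eid 6 = DriverLoad, eid 1 = ProcessCreate. Hosts and paths are made up.
SAMPLE_EVENTS = [
    {"eid": 6, "host": "fs01",
     "image": r"C:\Program Files\Avast Software\Avast\aswArPot.sys"},
    {"eid": 6, "host": "fs02",
     "image": r"C:\Users\Public\asWarPot.sys"},
    {"eid": 1, "host": "fs02",
     "parent": r"C:\Windows\System32\mshta.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"eid": 1, "host": "fs02",
     "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Tools\nmap\nmap.exe",
     "cmdline": "nmap.exe -p 8080,8443 --script log4shell 10.10.0.0/24"},
    {"eid": 1, "host": "ws07",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile Get-Process"},
]

# Directories from which the Avast anti-rootkit driver is expected to load.
# This allow-list is an assumption for the example; tune it to your estate.
ALLOWED_DRIVER_DIRS = (
    "c:\\program files\\avast software\\",
    "c:\\windows\\system32\\drivers\\",
)
DRIVER_NAME = "aswarpot.sys"  # compared case-insensitively (NTFS is case-insensitive)
# PowerShell accepts any unambiguous prefix of -EncodedCommand.
ENCODED_FLAG = re.compile(r"(?i)(^|\s)-(e|ec|en|enc|encodedcommand)(\s|$)")


def _base(path):
    """Lower-cased file name of a Windows path, regardless of the host OS."""
    return ntpath.basename(path).lower()


def check_driver_load(ev):
    """Flag the Avast anti-rootkit driver loading from outside the vendor or
    system driver directories: the bring-your-own-vulnerable-driver pattern."""
    if ev.get("eid") != 6 or _base(ev["image"]) != DRIVER_NAME:
        return None
    if ev["image"].lower().startswith(ALLOWED_DRIVER_DIRS):
        return None
    return "Avast anti-rootkit driver loaded from unexpected path: " + ev["image"]


def check_hta_to_powershell(ev):
    """Flag mshta.exe spawning PowerShell, noting whether the command is encoded."""
    if ev.get("eid") != 1 or _base(ev.get("parent", "")) != "mshta.exe":
        return None
    if _base(ev["image"]) not in ("powershell.exe", "pwsh.exe"):
        return None
    encoded = bool(ENCODED_FLAG.search(ev.get("cmdline", "")))
    return "mshta.exe spawned PowerShell" + (" with an encoded command" if encoded else "")


def check_log4shell_scan(ev):
    """Flag Nmap runs invoking an NSE script whose name mentions log4shell.
    The script name is an assumption; the report only says an NSE script was used."""
    if ev.get("eid") != 1 or _base(ev["image"]) != "nmap.exe":
        return None
    cmd = ev.get("cmdline", "").lower()
    if "--script" in cmd and "log4shell" in cmd:
        return "Nmap NSE Log4Shell scan: " + ev["cmdline"]
    return None


RULES = (check_driver_load, check_hta_to_powershell, check_log4shell_scan)


def run_rules(events):
    """Return (host, rule name, detail) for every event that trips a rule."""
    findings = []
    for ev in events:
        for rule in RULES:
            detail = rule(ev)
            if detail:
                findings.append((ev["host"], rule.__name__, detail))
    return findings


if __name__ == "__main__":
    for host, rule, detail in run_rules(SAMPLE_EVENTS):
        print(host, rule, detail, sep=" | ")
```

Against the constructed events only host fs02 trips the rules: the driver copied to C:\Users\Public, the mshta-to-PowerShell chain with an encoded command, and the Nmap scan. The legitimately installed driver on fs01 and the interactive PowerShell on ws07 are left alone, which is the point of keying the driver rule on load path rather than on file name alone.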