2024-05-02_9c259abda82ce329b386da9ac304a231_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-02_9c259abda82ce329b386da9ac304a231_avoslocker_cobalt-strike
Size

585KB
MD5

9c259abda82ce329b386da9ac304a231
SHA1

c6a033db5a273d9cc0c6ce5ad831411518b8a245
SHA256

e7e17801734a72b82ba26ced602c66b3ef84809cd6ae9f4dfd9b1038f8d85c05
SHA512

15b28009a62994358c594bcc49fead54654e58cbc672019ec12320a1daf2435be233085d9bddc635b6c937ba98620d74bcf357bd9a996ec1aa47db967b928f96
SSDEEP

12288:1zfxIa6OZ7KleHpO044forPh8eEK+Nxna/28DZjz:ZfQnwpOSfort+mD5

Score

10^/10

Malware Config

Signatures

Detects executables packed with Silent Install Builder 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_SilentInstallBuilder

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-02_9c259abda82ce329b386da9ac304a231_avoslocker_cobalt-strike

Files

2024-05-02_9c259abda82ce329b386da9ac304a231_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

6164c4c4fc10571a95508e3287a62fb9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\apreltech\Sib\Sibl\Release\Sibuia.pdb

Imports

kernel32

ResumeThread
GlobalFlags
GetLocaleInfoW
GetCurrentDirectoryW
GetUserDefaultLCID
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetStdHandle
ExitProcess
GetCommandLineW
GetCommandLineA
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
GetFileType
GetDriveTypeW
RtlUnwind
GetCPInfo
GetStringTypeW
LCMapStringEx
LCMapStringW
lstrlenW
MoveFileExW
FindNextFileW
RemoveDirectoryW
CreateDirectoryW
RaiseException
OutputDebugStringW
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
GetSystemDirectoryW
EncodePointer
GetCurrentProcessId
lstrcmpA
LoadLibraryA
LoadLibraryExW
WriteFile
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
OutputDebugStringA
GetACP
DeleteCriticalSection
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
DecodePointer
SetConsoleOutputCP
GlobalFree
ExitThread
lstrcpynW
FormatMessageW
LocalFree
MulDiv
GlobalLock
GlobalUnlock
GlobalAlloc
QueryInformationJobObject
VirtualFreeEx
WriteProcessMemory
ReadProcessMemory
VirtualAllocEx
OpenProcess
VirtualFree
VirtualAlloc
GetVersionExW
CreateThread
GetCurrentThread
GetProcessHeap
HeapFree
HeapAlloc
GetTempPathW
GetTempFileNameW
SetFilePointer
GetFileAttributesW
CreateFileW
LoadLibraryW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
CreateProcessW
GetCurrentThreadId
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
Sleep
WaitForSingleObject
GetLastError
DuplicateHandle
CloseHandle
SetFileTime
SetFileAttributesW
ReadFile
DeleteFileW
SetCurrentDirectoryW
SetStdHandle
ExpandEnvironmentStringsW

user32

GetMonitorInfoW
MonitorFromWindow
WinHelpW
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
GetSysColor
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
RemovePropW
GetPropW
SetPropW
RedrawWindow
ValidateRect
EndPaint
SetForegroundWindow
GetForegroundWindow
CreateDesktopW
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsMenu
IsWindow
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
SetWindowTextW
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
BeginPaint
SetThreadDesktop
CloseDesktop
GetThreadDesktop
DefWindowProcW
CreateWindowExW
DestroyWindow
ShowWindow
SetWindowPos
CopyRect
SendMessageW
PostMessageW
IsWindowVisible
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetClientRect
ClientToScreen
ScreenToClient
EnumWindows
GetWindowThreadProcessId
wsprintfW
SetRectEmpty
OffsetRect
GetParent
GetSubMenu
RealChildWindowFromPoint
DestroyMenu
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
PostQuitMessage
GetDlgCtrlID
GetMenuItemID
GetMenuItemCount
CharUpperW
GetSystemMetrics
EnableWindow
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetLastActivePopup
GetScrollPos
GetWindowTextW
GetWindow

gdi32

PtVisible
RectVisible
RestoreDC
SaveDC
SelectObject
SetMapMode
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetStockObject
GetClipBox
Escape
DeleteObject
CreateBitmap
SetTextColor
SetBkColor
GetDeviceCaps
DeleteDC

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetTokenInformation
GetLengthSid
CopySid
OpenThreadToken
RegUnLoadKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegEnumKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

SHGetFolderPathW
ord51

shlwapi

PathFindFileNameW
PathFindExtensionW
PathMatchSpecW
UrlUnescapeW
PathIsUNCW
PathStripToRootW
PathFileExistsW

ole32

CoCreateInstance
CoInitializeEx
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
VariantChangeType
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VariantClear
VariantInit
SysAllocString

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

winhttp

WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpReadData

ws2_32

connect
send
socket
WSAStartup
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
closesocket

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6164c4c4fc10571a95508e3287a62fb9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

rpcrt4

winhttp

ws2_32

oleacc

Sections

.text Size: 450KB - Virtual size: 450KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 450KB - Virtual size: 450KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 20KB - Virtual size: 20KB