2024-05-04_08b0aa1a74ad79c9fee6dc6383ae9a3f_avoslocker_cobalt-strike_floxif

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-04_08b0aa1a74ad79c9fee6dc6383ae9a3f_avoslocker_cobalt-strike_floxif
Size

877KB
MD5

08b0aa1a74ad79c9fee6dc6383ae9a3f
SHA1

84b877be96249e6658a390adcf2df6afc3dea9d2
SHA256

561be41dd96aa1d2959ba80f45484b9e7511778e55340bbacba80ec653d358ba
SHA512

bce24b9abfb7f23df58b77c087a145a18f06b3cedf660b4365c1a86acb43fa5abf74a4cf2afaabe39fdc7a86460a84b52c61db9769fd95cc12bbece35681df28
SSDEEP

24576:s8c++7EYvskVnM3kBHwYGGRqJVPv3qLCzrEH7G:laEcskVskBHwURq3qLCD

Score

1^/10

Malware Config

Signatures

Files

2024-05-04_08b0aa1a74ad79c9fee6dc6383ae9a3f_avoslocker_cobalt-strike_floxif
.exe windows:6 windows x86 arch:x86

2a41cd1156fc459ce83e566e778fa6e8

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:ca:6a:31:d5:55:ee:e4:18:53:2f:4a:e4:ac:38:cb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12/01/2023, 00:00

Not After

11/02/2026, 23:59

Subject

SERIALNUMBER=02096520,CN=Sophos Ltd,OU=Endpoint Security Group,O=Sophos Ltd,L=Abingdon,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:bf:87:52:ac:12:0b:5c:89:90:82:b3:43:51:ef:0c:d8:51:cc:e0:f6:06:72:2e:b1:8e:81:1c:1d:f1:cb:5f
Signer

Actual PE Digest

1d:bf:87:52:ac:12:0b:5c:89:90:82:b3:43:51:ef:0c:d8:51:cc:e0:f6:06:72:2e:b1:8e:81:1c:1d:f1:cb:5f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ALsvc.pdb

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
GetTokenInformation
SetSecurityDescriptorGroup
OpenThreadToken
GetLengthSid
OpenServiceW
StartServiceCtrlDispatcherW
InitializeSecurityDescriptor
OpenProcessToken
IsValidSid
ControlService
DeleteService
CopySid
SetServiceStatus
OpenSCManagerW
CloseServiceHandle
SetSecurityDescriptorOwner
CreateServiceW
RegNotifyChangeKeyValue
RegisterServiceCtrlHandlerExW
RegDeleteTreeW
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
ConvertSidToStringSidA
IsWellKnownSid
GetSidSubAuthority
GetSidLengthRequired
SetNamedSecurityInfoW
InitializeSid
AddAce
InitializeAcl
RegEnumValueW

ole32

StringFromGUID2
CoRevokeClassObject
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoRegisterClassObject
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

user32

CharLowerA
RegisterWindowMessageW
CharNextW
PostThreadMessageW
GetMessageW
MessageBoxW
LoadStringW
DispatchMessageW

kernel32

HeapFree
InitializeCriticalSectionEx
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
SizeofResource
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
CreateMutexW
CreateEventW
MultiByteToWideChar
CloseHandle
LoadResource
FindResourceW
FreeLibrary
lstrcmpiW
LoadLibraryExW
GetCommandLineW
GetCurrentProcess
WaitForMultipleObjects
GetCurrentThreadId
SetEvent
GetCurrentThread
LockResource
FindResourceExW
VerSetConditionMask
VerifyVersionInfoW
ResetEvent
CreateProcessW
GetExitCodeProcess
LocalFree
IsWow64Process
SetThreadPriority
GetFileSizeEx
OpenProcess
GetCurrentProcessId
SetProcessWorkingSetSize
GetPrivateProfileStringW
GetModuleHandleExW
CreateFileW
RemoveDirectoryW
GetFileAttributesW
CreateTimerQueue
DeleteFileW
OutputDebugStringA
TerminateProcess
SetEnvironmentVariableW
SetSearchPathMode
HeapSetInformation
SetDllDirectoryW
GetFileInformationByHandleEx
GetStdHandle
WriteFile
DeviceIoControl
SetFilePointer
SetEndOfFile
Sleep
GetConsoleMode
GetFileInformationByHandle
WriteConsoleW
MoveFileExW
ReplaceFileW
FlushFileBuffers
WaitForSingleObject
FindClose
WideCharToMultiByte
FormatMessageW
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetTimeZoneInformation
ReadConsoleW
GetConsoleOutputCP
GetFileType
SetFileAttributesW
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
GetVersionExW
VirtualFree
DuplicateHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
ReadFile
ExitProcess
FreeLibraryAndExitThread
ExitThread
FormatMessageA
TryEnterCriticalSection
QueryPerformanceFrequency
SwitchToThread
GetExitCodeThread
CreateDirectoryW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFilePointerEx
GetTempPathW
AreFileApisANSI
SetLastError
CopyFileW
GetStringTypeW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
CreateThread

oleaut32

RegisterTypeLi
SysFreeString
VariantClear
VarUI4FromStr
SysStringLen
LoadTypeLi
VariantInit
LoadRegTypeLi
SysAllocString
UnRegisterTypeLi

iphlpapi

GetAdaptersAddresses

shell32

CommandLineToArgvW
SHGetFolderPathW

version

GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoW

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a41cd1156fc459ce83e566e778fa6e8

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:ca:6a:31:d5:55:ee:e4:18:53:2f:4a:e4:ac:38:cbCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1d:bf:87:52:ac:12:0b:5c:89:90:82:b3:43:51:ef:0c:d8:51:cc:e0:f6:06:72:2e:b1:8e:81:1c:1d:f1:cb:5fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ole32

user32

kernel32

oleaut32

iphlpapi

shell32

version

Sections

.text Size: 568KB - Virtual size: 567KB

.rdata Size: 148KB - Virtual size: 148KB

.data Size: 18KB - Virtual size: 23KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 33KB - Virtual size: 32KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:ca:6a:31:d5:55:ee:e4:18:53:2f:4a:e4:ac:38:cb
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1d:bf:87:52:ac:12:0b:5c:89:90:82:b3:43:51:ef:0c:d8:51:cc:e0:f6:06:72:2e:b1:8e:81:1c:1d:f1:cb:5f
Signer

.text
Size: 568KB - Virtual size: 567KB

.rdata
Size: 148KB - Virtual size: 148KB

.data
Size: 18KB - Virtual size: 23KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 33KB - Virtual size: 32KB