2024-05-08_97a7503dffab0bbdf46c6ee4ff8453a3_avoslocker_cobalt-strike

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-08_97a7503dffab0bbdf46c6ee4ff8453a3_avoslocker_cobalt-strike
Size

621KB
MD5

97a7503dffab0bbdf46c6ee4ff8453a3
SHA1

71fb47e186899b2e9646729af280f5fab63b4d29
SHA256

37642280ab80b1828f0521aec9b6a4c98833ca261d2f204b2fd6bef68001658b
SHA512

eb7d71f1b1fe1678060bbd35cdf85b8ff30696054d8fec61a8c6b71cd49141b43611e40a882cf0f8be619647ec09b2e2f0766dba9c6b1f764d2a14ac40e49870
SSDEEP

12288:bfivOveuuFIvi2K1TD7gV5bfiVlUWTxJdBYHQHBmO8/edbso0lRBU2TAhyMjY1ch:bfivWeuuFIvVK1TD7gV5bfiVlUWTxJdH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-08_97a7503dffab0bbdf46c6ee4ff8453a3_avoslocker_cobalt-strike

Files

2024-05-08_97a7503dffab0bbdf46c6ee4ff8453a3_avoslocker_cobalt-strike
.exe windows:5 windows x86 arch:x86

9d1af81b7882ab95144b0f6e17651c8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\a\b\d_00000000_\b\binaries\Win32\Release\sfx_template.pdb

Imports

kernel32

GetFileAttributesW
DeleteFileW
GetTempPathW
GetModuleFileNameW
FreeLibrary
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
DecodePointer
DebugBreak
OutputDebugStringW
lstrlenA
GetModuleHandleExW
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetComputerNameW
GetSystemInfo
GetTickCount
LoadLibraryW
WaitForSingleObjectEx
CreateDirectoryW
GetVolumeInformationW
FindFirstFileExW
GetFullPathNameW
FindNextFileW
RemoveDirectoryW
FindClose
GetSystemDirectoryW
SetFileAttributesW
Sleep
SetVolumeLabelW
GetDiskFreeSpaceExW
GetCurrentDirectoryW
MoveFileW
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetFileAttributesExW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetFileType
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
ExitProcess
GetStdHandle
FreeLibraryAndExitThread
SetFileTime
ExitThread
CreateThread
TlsFree
SetLastError
lstrlenW
CloseHandle
LockResource
LoadResource
SizeofResource
FindResourceW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FlushFileBuffers
GetFileSizeEx
SetFilePointerEx
ReadFile
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetStartupInfoW
GetCurrentProcessId
QueryPerformanceCounter
CreateEventW
ResetEvent
SetEvent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringEx
InitializeCriticalSectionEx
WriteFile
CreateFileW
GetCurrentThreadId
LocalFree
GetModuleHandleExA
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetLastError
GetProcessHeap
HeapFree
HeapAlloc
RaiseException
WideCharToMultiByte
GetStringTypeW

user32

LoadStringW
MessageBoxW
GetActiveWindow
SendMessageW
UnregisterClassW
DialogBoxParamW
GetSystemMetrics
KillTimer
SetFocus
MessageBeep
EndDialog
SetDlgItemTextW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
GetDlgItem
SetWindowTextW
LoadIconW
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
SetCursor
LoadCursorW
GetWindowLongW
DestroyWindow
DefWindowProcW
CharNextW
SetWindowLongW
SetTimer

advapi32

SetNamedSecurityInfoW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
CryptReleaseContext
CryptAcquireContextW
CryptDestroyKey
CryptExportKey
CryptImportKey
RegDeleteKeyW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoCreateGuid

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

crypt32

CertFreeCertificateContext
CryptStringToBinaryA
CertCreateCertificateContext
CryptEncodeObjectEx
CryptBinaryToStringA
CryptProtectData
CryptUnprotectData
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CryptUnprotectMemory
CryptProtectMemory

Exports

Exports

?GetTracer@@YAPAUITracer@eka@@XZ

Sections

.text
Size: 431KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d1af81b7882ab95144b0f6e17651c8b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

comctl32

crypt32

Exports

Exports

Sections

.text Size: 431KB - Virtual size: 431KB

.rdata Size: 137KB - Virtual size: 137KB

.data Size: 5KB - Virtual size: 10KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 431KB - Virtual size: 431KB

.rdata
Size: 137KB - Virtual size: 137KB

.data
Size: 5KB - Virtual size: 10KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 24KB - Virtual size: 24KB