2024-05-09_b34f02d9b119b8e12ba056b0545e42b6_avoslocker_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-09_b34f02d9b119b8e12ba056b0545e42b6_avoslocker_revil
Size

3.8MB
MD5

b34f02d9b119b8e12ba056b0545e42b6
SHA1

f0d230176794e3af7f13569ca307a6ab16de0725
SHA256

73d66c8b538e9b3371f9ea2d08471edc90b9a160e15e27c4e70b5e0f9bf03326
SHA512

ded0b08822a6affcfa211008f012991ec79d2b50bf6b6001331d016808d19f2db7928d4ed338b0114ec8557ea67cb30ae781551d149b0292472330f5f538aa7c
SSDEEP

98304:bhVGpmRk2D0bSftkUSH89P69SXPvp0PgvpL463:zGpmR/tvp0ovpL4U

Score

1^/10

Malware Config

Signatures

Files

2024-05-09_b34f02d9b119b8e12ba056b0545e42b6_avoslocker_revil
.exe windows:6 windows x86 arch:x86

ae5e44c56009e512022319c3869ea024

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e8:b8:e3:51:32:29:9d:79:1d:14:df:cc:55:35:b4:4a
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

21/06/2021, 00:00

Not After

20/06/2024, 23:59

Subject

CN=Mudfish Networks Inc.,O=Mudfish Networks Inc.,L=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f7:24:88:6b:af:98:e0:58:54:85:cf:47:32:64:b9:b5:f9:a2:69:32
Signer

Actual PE Digest

f7:24:88:6b:af:98:e0:58:54:85:cf:47:32:64:b9:b5:f9:a2:69:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\ttol\bin\mudrun\mudrun.pdb

Imports

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
DeregisterEventSource

dbghelp

SymInitialize
SymFromAddr

iphlpapi

GetIpForwardTable
IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
GetAdaptersInfo

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
GetDIBits
GetObjectA
SelectObject

psapi

GetModuleFileNameExA
GetProcessMemoryInfo
EnumProcesses
GetModuleBaseNameA
EnumProcessModules

shell32

Shell_NotifyIconA
ExtractIconExA

shlwapi

PathAppendA
PathRemoveFileSpecA

user32

MessageBoxW
MessageBoxA
RegisterWindowMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
PostQuitMessage
RegisterClassExA
CreateWindowExA
ShowWindow
IsWindowVisible
CreatePopupMenu
AppendMenuA
TrackPopupMenu
SetForegroundWindow
GetCursorPos
LoadCursorA
LoadIconA
GetWindowDC
DestroyIcon
GetDesktopWindow
ReleaseDC
GetUserObjectInformationW
GetProcessWindowStation
GetIconInfo

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

winhttp

WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpOpen
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpSetOption

ws2_32

accept
getsockopt
WSACleanup
closesocket
ioctlsocket
htonl
inet_addr
inet_ntoa
recv
send
sendto
setsockopt
shutdown
WSAStartup
WSAGetLastError
inet_ntop
WSASetLastError
__WSAFDIsSet
select
bind
connect
listen
socket
getaddrinfo
freeaddrinfo
getpeername
getsockname
ntohs
htons
recvfrom
gethostbyname
inet_pton
getnameinfo

kernel32

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
SetConsoleCtrlHandler
GetCommandLineW
GetCommandLineA
ExitProcess
GetCPInfo
FreeLibraryAndExitThread
GetLocaleInfoW
CreateThread
CreateProcessW
WriteConsoleW
GetModuleFileNameW
GetFileSizeEx
LoadLibraryExW
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
DecodePointer
GetExitCodeProcess
GetStringTypeW
SetStdHandle
GetTimeZoneInformation
SetCurrentDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
IsValidCodePage
GetACP
LCMapStringW
SetFilePointerEx
GetDateFormatW
GetTimeFormatW
EncodePointer
CompareStringW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitThread
GetConsoleOutputCP
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
FindNextFileW
FindFirstFileW
FindClose
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetModuleHandleW
GetCurrentProcessId
SwitchToThread
SetCurrentDirectoryA
CreateFileA
ReadFile
GetTempPathA
GetTempFileNameA
CloseHandle
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentProcess
GetCurrentThreadId
GetSystemTimeAsFileTime
GetVersionExA
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
GetProcAddress
LoadLibraryA
LocalFree
FormatMessageA
CreateFileMappingA
OpenFileMappingA
DuplicateHandle
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
GetCurrentThread
GetThreadPriority
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemTime
CreateSemaphoreA
SystemTimeToFileTime
ExpandEnvironmentStringsA
CreateProcessA
FlushFileBuffers
GetTickCount
CreateFileMappingW
WideCharToMultiByte
FreeLibrary
GetProcessHeap
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
MultiByteToWideChar
HeapSize
HeapValidate
GetFileAttributesW
CreateFileW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
AreFileApisANSI
RaiseException
TryEnterCriticalSection
DeleteCriticalSection
SetHandleInformation
FatalAppExitA
CreatePipe
TerminateProcess
OpenProcess
GetModuleFileNameA
CreateToolhelp32Snapshot
Process32First
Process32Next
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
GlobalAlloc
GlobalFree
LocalAlloc
GetEnvironmentVariableA
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
TlsFree
GetStdHandle
GetEnvironmentVariableW
GetFileType
SetEnvironmentVariableW

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 470KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae5e44c56009e512022319c3869ea024

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

e8:b8:e3:51:32:29:9d:79:1d:14:df:cc:55:35:b4:4aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

f7:24:88:6b:af:98:e0:58:54:85:cf:47:32:64:b9:b5:f9:a2:69:32Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

dbghelp

iphlpapi

gdi32

psapi

shell32

shlwapi

user32

version

winhttp

ws2_32

kernel32

crypt32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 470KB - Virtual size: 470KB

.data Size: 185KB - Virtual size: 223KB

.rsrc Size: 90KB - Virtual size: 89KB

.reloc Size: 100KB - Virtual size: 100KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

e8:b8:e3:51:32:29:9d:79:1d:14:df:cc:55:35:b4:4a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

f7:24:88:6b:af:98:e0:58:54:85:cf:47:32:64:b9:b5:f9:a2:69:32
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 470KB - Virtual size: 470KB

.data
Size: 185KB - Virtual size: 223KB

.rsrc
Size: 90KB - Virtual size: 89KB

.reloc
Size: 100KB - Virtual size: 100KB