2024-05-09_a9f508d285529523ae79c9285bc569c1_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-09_a9f508d285529523ae79c9285bc569c1_avoslocker_cobalt-strike
Size

291KB
MD5

a9f508d285529523ae79c9285bc569c1
SHA1

a29b5bc0f7458f381cf6431dde60856f4fe6c61f
SHA256

108720e7344b0e35c1b6e8b815400c677423ab4c28777d060aef6e9cb2de3dc0
SHA512

7fd11a3a5fc6a43d7c2e78e9afcbfa7c126a3fa5ce7e6152cb4b53e2a3fbc207fb4135344be96782e18f5d34e563993e06e96ff965d474d3b75109a66902565e
SSDEEP

6144:utoaPw11a4PNTOCVBoP8Ul9ORJBO/qiFEFAOmK3KP44x+VfG4C:uto7W4PNTOCVBoP8Ul9OR8quEFwK3K9F

Score

1^/10

Malware Config

Signatures

Files

2024-05-09_a9f508d285529523ae79c9285bc569c1_avoslocker_cobalt-strike
.exe windows:5 windows x86 arch:x86

f4627ed8da0af5a94920776b6b50778e

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:48:8a:d7:e4:ba:ba:7f:93:e3:32:3c:05:73:bf:3c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/04/2020, 00:00

Not After

24/08/2022, 12:00

Subject

CN=Brave Software\, Inc.,OU=Brave Software,O=Brave Software\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:48:8a:d7:e4:ba:ba:7f:93:e3:32:3c:05:73:bf:3c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/04/2020, 00:00

Not After

24/08/2022, 12:00

Subject

CN=Brave Software\, Inc.,OU=Brave Software,O=Brave Software\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:87:d4:71:bd:33:5d:2d:b7:80:87:4e:2f:bc:e5:8f:2b:4c:37:67:c0:ac:b8:06:b5:bd:83:92:2e:7f:1a:e9
Signer

Actual PE Digest

b3:87:d4:71:bd:33:5d:2d:b7:80:87:4e:2f:bc:e5:8f:2b:4c:37:67:c0:ac:b8:06:b5:bd:83:92:2e:7f:1a:e9

Digest Algorithm

sha256

PE Digest Matches

true

41:c5:b1:08:73:55:f6:b2:87:3b:3f:18:af:bc:31:2a:10:da:d1:79
Signer

Actual PE Digest

41:c5:b1:08:73:55:f6:b2:87:3b:3f:18:af:bc:31:2a:10:da:d1:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

BraveCrashHandler_unsigned.pdb

Imports

kernel32

GetProcessHeap
DeleteCriticalSection
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCurrentThread
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetFileType
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
GetProcAddress
ReadFile
CreateFileW
WriteConsoleW
CreateDirectoryW
SizeofResource
RemoveDirectoryW
WaitForMultipleObjects
GetEnvironmentVariableW
WaitForSingleObject
ReleaseMutex
DuplicateHandle
LockResource
DeleteFileW
LoadLibraryW
FindResourceExW
LoadResource
FindResourceW
LocalFree
lstrcmpiW
WaitNamedPipeW
GetTickCount
GetExitCodeProcess
GetTempPathW
VirtualQuery
OpenProcess
Sleep
ReadProcessMemory
lstrlenW
SetFilePointer
GetFileAttributesExW
MoveFileExW
GetFileTime
CreateProcessW
SetProcessWorkingSetSize
GetPrivateProfileIntW
OutputDebugStringA
GetPrivateProfileStringW
GetLocalTime
lstrcmpW
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
InitializeCriticalSection
CreateMutexW
lstrcpynW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
WaitForDebugEvent
GetProcessId
DebugActiveProcessStop
ContinueDebugEvent
GetSystemInfo
GetThreadContext
DebugActiveProcess
VirtualQueryEx
SetNamedPipeHandleState
CreateSemaphoreW
ReleaseSemaphore
RtlCaptureContext
CreateThread
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
TransactNamedPipe
GetSystemDefaultLangID
GetUserDefaultLangID
DeviceIoControl
GetComputerNameExW
ConnectNamedPipe
GetOverlappedResult
DisconnectNamedPipe
CreateNamedPipeW
GetProcessTimes
UnregisterWait
UnregisterWaitEx
RegisterWaitForSingleObject
VirtualProtect
VirtualAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
SetFilePointerEx
HeapFree

user32

GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CharUpperW
wvsprintfW
GetMessageW
DispatchMessageW
PeekMessageW
GetProcessWindowStation
CreateWindowStationW
PostThreadMessageW
OpenClipboard
CloseClipboard
EmptyClipboard
SetProcessWindowStation
CreateDesktopW
CloseDesktop
GetThreadDesktop
SetThreadDesktop
CloseWindowStation
wsprintfW
SetClipboardData
CharLowerW
MessageBoxW

advapi32

SetTokenInformation
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken
AddAce
IsValidSid
GetSecurityDescriptorOwner
InitializeSid
ConvertStringSidToSidW
CopySid
GetSecurityDescriptorControl
SetNamedSecurityInfoW
GetSidLengthRequired
GetSidSubAuthority
GetSecurityDescriptorGroup
EqualSid
GetAce
SetSecurityDescriptorOwner
GetAclInformation
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
OpenThreadToken
ConvertSidToStringSidW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorSacl

ole32

CoCreateGuid
StringFromGUID2

shell32

SHGetFolderPathW

netapi32

NetWkstaGetInfo
NetApiBufferFree
NetGetJoinInformation

rpcrt4

UuidCreate

shlwapi

PathStripPathW
PathRemoveExtensionW
PathRemoveFileSpecW
SHQueryValueExW
PathIsRelativeW
PathAppendW
PathCanonicalizeW

userenv

UnloadUserProfile

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4627ed8da0af5a94920776b6b50778e

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

05:48:8a:d7:e4:ba:ba:7f:93:e3:32:3c:05:73:bf:3cCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:48:8a:d7:e4:ba:ba:7f:93:e3:32:3c:05:73:bf:3cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

b3:87:d4:71:bd:33:5d:2d:b7:80:87:4e:2f:bc:e5:8f:2b:4c:37:67:c0:ac:b8:06:b5:bd:83:92:2e:7f:1a:e9Signer

41:c5:b1:08:73:55:f6:b2:87:3b:3f:18:af:bc:31:2a:10:da:d1:79Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

netapi32

rpcrt4

shlwapi

userenv

version

Sections

.text Size: 177KB - Virtual size: 176KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 10KB - Virtual size: 10KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

05:48:8a:d7:e4:ba:ba:7f:93:e3:32:3c:05:73:bf:3c
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:48:8a:d7:e4:ba:ba:7f:93:e3:32:3c:05:73:bf:3c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

b3:87:d4:71:bd:33:5d:2d:b7:80:87:4e:2f:bc:e5:8f:2b:4c:37:67:c0:ac:b8:06:b5:bd:83:92:2e:7f:1a:e9
Signer

41:c5:b1:08:73:55:f6:b2:87:3b:3f:18:af:bc:31:2a:10:da:d1:79
Signer

.text
Size: 177KB - Virtual size: 176KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 10KB - Virtual size: 10KB