498ccb5e245b4a20f8a4aa7bd236fae1e017809b399bb810bc803fd6cb59ff1e | Triage

Submit
Reports

Overview

overview

6

Static

static

1

2024-05-23...ke.exe

windows7-x64

6

2024-05-23...ke.exe

windows10-2004-x64

6

Sharing

General

Target

2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike
Size

495KB
Sample

240523-b6tjgahb7w
MD5

385d407abb78767b5d6f67b5a3492742
SHA1

c1b8e1cca335ff6beab36ca1994e42a69506c85a
SHA256

498ccb5e245b4a20f8a4aa7bd236fae1e017809b399bb810bc803fd6cb59ff1e
SHA512

19abac3c6931e1d0176cf06d93e5c6e6d5e580fb3aa6ac41e9bbd45ec2b9bafd51e48a111035d67e28cbb113d09d4f0852b4161d13f4f8b62a3d74cc83229a7d
SSDEEP

6144:g7WQ0j4ltziolIGlnE2deWdrlBu0R+J5JlLgPYfq8ZF02IlLZD30nXes2H:Ii4lZiopdfu0R+J5JlLgPbD30nF2H

Score

6^/10

evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe

Resource

win7-20240215-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-05-23_385d407abb78767b5d6f67b5a3492742_avoslocker_cobalt-strike
- Size
  
  495KB
- MD5
  
  385d407abb78767b5d6f67b5a3492742
- SHA1
  
  c1b8e1cca335ff6beab36ca1994e42a69506c85a
- SHA256
  
  498ccb5e245b4a20f8a4aa7bd236fae1e017809b399bb810bc803fd6cb59ff1e
- SHA512
  
  19abac3c6931e1d0176cf06d93e5c6e6d5e580fb3aa6ac41e9bbd45ec2b9bafd51e48a111035d67e28cbb113d09d4f0852b4161d13f4f8b62a3d74cc83229a7d
- SSDEEP
  
  6144:g7WQ0j4ltziolIGlnE2deWdrlBu0R+J5JlLgPYfq8ZF02IlLZD30nXes2H:Ii4lZiopdfu0R+J5JlLgPbD30nF2H
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy