2024-05-28_b6d62541ee6554b8520bf4904e2fbc76_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-28_b6d62541ee6554b8520bf4904e2fbc76_avoslocker_cobalt-strike
Size

597KB
MD5

b6d62541ee6554b8520bf4904e2fbc76
SHA1

1e5e4a1db53f55728bda9fcda378b429f6698f74
SHA256

e2df3f8e60b3ce39fcd1f9bd701badfc6ebe9f73725e9ff5db252ae71b9d65f1
SHA512

c3dd46d9119d9f7b820c55b561fec721efdc1bd4d00cbb6fc5feae933330a042083199b02d880e76535cc897486d36a70293d075c6aceae0b082d9a98dfaf8ed
SSDEEP

12288:s2IHPyZyANBfU/Q2pL3GzyilLTcRy8fQkXv4IcOX5kLjF:EvWNEpjVilLdORkLj

Score

10^/10

Malware Config

Signatures

Detects executables packed with Silent Install Builder 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_SilentInstallBuilder

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-28_b6d62541ee6554b8520bf4904e2fbc76_avoslocker_cobalt-strike

Files

2024-05-28_b6d62541ee6554b8520bf4904e2fbc76_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

d4af602b693fa667d3fca1025af382d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\apreltech\Sib\Sibl\Release\Sibuia.pdb

Imports

kernel32

ResumeThread
GlobalFlags
GetLocaleInfoW
GetCurrentDirectoryW
GetUserDefaultLCID
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
ReadConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
SetStdHandle
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
ExitProcess
GetCommandLineW
GetCommandLineA
HeapQueryInformation
FreeLibraryAndExitThread
WriteConsoleW
GetModuleHandleExW
GetStdHandle
GetFileType
GetDriveTypeW
RtlUnwind
GetCPInfo
GetStringTypeW
LCMapStringEx
LCMapStringW
lstrlenW
MoveFileExW
FindNextFileW
RemoveDirectoryW
CreateDirectoryW
RaiseException
OutputDebugStringW
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
GetSystemDirectoryW
EncodePointer
GetCurrentProcessId
lstrcmpA
LoadLibraryA
LoadLibraryExW
WriteFile
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
OutputDebugStringA
GetACP
DeleteCriticalSection
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
DecodePointer
SetConsoleOutputCP
GlobalFree
ExitThread
lstrcpynW
FormatMessageW
LocalFree
MulDiv
GlobalLock
GlobalUnlock
GlobalAlloc
QueryInformationJobObject
VirtualFreeEx
WriteProcessMemory
ReadProcessMemory
VirtualAllocEx
OpenProcess
VirtualFree
VirtualAlloc
GetVersionExW
CreateThread
GetCurrentThread
GetProcessHeap
HeapFree
HeapAlloc
GetTempPathW
GetTempFileNameW
SetFilePointer
GetFileAttributesW
CreateFileW
LoadLibraryW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
CreateProcessW
GetCurrentThreadId
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
Sleep
WaitForSingleObject
GetLastError
DuplicateHandle
CloseHandle
SetFileTime
SetFileAttributesW
ReadFile
DeleteFileW
SetCurrentDirectoryW
SetFilePointerEx
ExpandEnvironmentStringsW

user32

GetMonitorInfoW
MonitorFromWindow
WinHelpW
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
GetSysColor
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
RemovePropW
GetPropW
SetPropW
RedrawWindow
ValidateRect
EndPaint
SetForegroundWindow
GetForegroundWindow
CreateDesktopW
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsMenu
IsWindow
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
SetWindowTextW
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
BeginPaint
SetThreadDesktop
CloseDesktop
GetThreadDesktop
DefWindowProcW
CreateWindowExW
DestroyWindow
ShowWindow
SetWindowPos
CopyRect
SendMessageW
PostMessageW
IsWindowVisible
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetClientRect
ClientToScreen
ScreenToClient
EnumWindows
GetWindowThreadProcessId
wsprintfW
SetRectEmpty
OffsetRect
GetParent
GetSubMenu
RealChildWindowFromPoint
DestroyMenu
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
PostQuitMessage
GetDlgCtrlID
GetMenuItemID
GetMenuItemCount
CharUpperW
GetSystemMetrics
EnableWindow
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetLastActivePopup
GetScrollPos
GetWindowTextW
GetWindow

gdi32

PtVisible
RectVisible
RestoreDC
SaveDC
SelectObject
SetMapMode
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetStockObject
GetClipBox
Escape
DeleteObject
CreateBitmap
SetTextColor
SetBkColor
GetDeviceCaps
DeleteDC

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetTokenInformation
GetLengthSid
CopySid
OpenThreadToken
RegUnLoadKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegEnumKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

SHGetFolderPathW
ord51

shlwapi

PathFindFileNameW
PathFindExtensionW
PathMatchSpecW
UrlUnescapeW
PathIsUNCW
PathStripToRootW
PathFileExistsW

ole32

CoCreateInstance
CoInitializeEx
CoInitialize
CoUninitialize

oleaut32

SysFreeString
VariantChangeType
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VariantClear
VariantInit

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

winhttp

WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpReadData

ws2_32

connect
send
socket
WSAStartup
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
closesocket

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4af602b693fa667d3fca1025af382d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

rpcrt4

winhttp

ws2_32

oleacc

Sections

.text Size: 458KB - Virtual size: 457KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 458KB - Virtual size: 457KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 21KB - Virtual size: 20KB