2024-06-12_1e2979e91fcd7765c70ab709f00423d8_avoslocker_cobalt-strike | Triage

Sharing

General

Target

2024-06-12_1e2979e91fcd7765c70ab709f00423d8_avoslocker_cobalt-strike
Size

921KB
MD5

1e2979e91fcd7765c70ab709f00423d8
SHA1

05d0564416460e13d9af19654391b2233b864765
SHA256

726c368f316604cb389f975590cde82ecfee89d48387e8e358f6c7794e236016
SHA512

aaaed3d3e4668cc77fb22188a8b7e62e8555cb119e5968316d8433868c0e7b33ca411165cdc78d94a598fa22c0055fcec3125e9e5313a4b88dd1ea4cff5c950b
SSDEEP

24576:0nkXEg1ZlhKG+WWZtCpDCE5Ie534SCeTpOl13R:0kXEg1ZlIzZtCpGE5j5oSHOlx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-12_1e2979e91fcd7765c70ab709f00423d8_avoslocker_cobalt-strike

Files

2024-06-12_1e2979e91fcd7765c70ab709f00423d8_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 708KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ