2024-06-13_2b7014a0bd7d1cd245dc2693c8a8d34c_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-13_2b7014a0bd7d1cd245dc2693c8a8d34c_avoslocker_cobalt-strike
Size

985KB
MD5

2b7014a0bd7d1cd245dc2693c8a8d34c
SHA1

da8a0d8efc7ac0ff0e5233f28aa2a8b4cc251ffd
SHA256

b351999cb47220d2d37c0a9f71654be008d26dfaa49a2845c33ba223dcebc939
SHA512

55a9f8c52d8d2a559fe16a5d2912417b275d18bb56a7debf8050841a44835039bfc61362665e04641e91d3ba56eb639dd47f37876af707a6adffbb87e6980615
SSDEEP

24576:HJy8dFpuy1lq8bFB1UzLQsywJ+g98J7vdwvovf:HJycZ1lq8bD1UzLDywJ+N7Vwy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-13_2b7014a0bd7d1cd245dc2693c8a8d34c_avoslocker_cobalt-strike

Files

2024-06-13_2b7014a0bd7d1cd245dc2693c8a8d34c_avoslocker_cobalt-strike
.exe windows:10 windows x86 arch:x86

835adcc9220dfe4a685dd00151076356

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

MpWUStub.pdb

Imports

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
AllocateAndInitializeSid
CopySid
RegCloseKey
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
GetTokenInformation
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
CheckTokenMembership
FreeSid
AddAccessAllowedAce

kernel32

GetCurrentProcessId
CloseHandle
Sleep
GetProcessId
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetLastError
SetLastError
GetCurrentThread
GetCurrentThreadId
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FreeLibrary
GetProcAddress
LoadLibraryExW
CompareStringW
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
MultiByteToWideChar
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetProcessHeap
WideCharToMultiByte
HeapSize
HeapReAlloc
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
EncodePointer
RaiseException
ReadFile
CreateDirectoryW
GetThreadTimes
CallNamedPipeW
FindClose
DeleteFileW
VirtualQuery
FlushFileBuffers
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetProcessTimes
GetCommandLineW
FindNextFileW
GetModuleFileNameW
SetEnvironmentVariableW
GetEnvironmentVariableW
WaitForSingleObject
GetFileAttributesW
GetSystemDirectoryW
OpenProcess
CreateEventW
SetEvent
HeapSetInformation
ResetEvent
CreateProcessW
GetExitCodeProcess
GetFileSizeEx
WriteFile
CreateFileW
SetFilePointerEx
VirtualLock
GetStdHandle
GetCommandLineA
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
WriteConsoleW
DecodePointer
WaitForSingleObjectEx

rpcrt4

UuidCreate

ntdll

RtlUnwind
RtlGetVersion
RtlNtStatusToDosError
NtQueryInformationProcess

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 799KB - Virtual size: 798KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

835adcc9220dfe4a685dd00151076356

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

rpcrt4

ntdll

Sections

.text Size: 172KB - Virtual size: 171KB

.data Size: 3KB - Virtual size: 6KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 799KB - Virtual size: 798KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 172KB - Virtual size: 171KB

.data
Size: 3KB - Virtual size: 6KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 799KB - Virtual size: 798KB

.reloc
Size: 7KB - Virtual size: 6KB