2024-06-13_10d754cbfa57bdea0f63b87636395347_avoslocker_cobalt-strike

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-13_10d754cbfa57bdea0f63b87636395347_avoslocker_cobalt-strike
Size

484KB
MD5

10d754cbfa57bdea0f63b87636395347
SHA1

8ca52573b25dfde8366be7a6b53d3a82baf23265
SHA256

6e40acb2823a6e316421d80d7e55dbb8da0f1f9c180d7c853fa35a679ac68d61
SHA512

1b7d61a870da47c7f305cfc22b891b72e814f0950d0f9478d104d586865e517c4826562655ac9abb80d33bca90ed68834412ad7e13e402fb8ebb63af3d160c30
SSDEEP

12288:THtsK4nvPjCXMQMq+hcm2bdmgzZmgY+ObH4g9wqW87u4V40x:SnvPjC8QbpdmgBmWL4V40x

Score

1^/10

Malware Config

Signatures

Files

2024-06-13_10d754cbfa57bdea0f63b87636395347_avoslocker_cobalt-strike
.exe windows:5 windows x86 arch:x86

a82daf90ef631cb1d715ec98a722be04

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:2f:6f:9b:05:37:6d:f4:43:e2:96:4b:43:e8:e9:ac
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

29-08-2022 00:00

Not After

28-08-2025 23:59

Subject

CN=PC SOFT INFORMATIQUE SAS,O=PC SOFT INFORMATIQUE SAS,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07-11-2023 17:13

Not After

09-12-2034 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

de:fd:77:62:cd:69:4a:ae:b2:05:6f:db:82:74:d9:71:ca:a7:ef:43
Signer

Actual PE Digest

de:fd:77:62:cd:69:4a:ae:b2:05:6f:db:82:74:d9:71:ca:a7:ef:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\source\source.YB\202773\Release_preinstall_9\WX\Desktop_x86_32_VS2019\Release\SetupFTP.pdb

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
FileTimeToSystemTime
Sleep
LoadLibraryW
GetProcAddress
FormatMessageW
LocalFree
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
WriteFile
ReadFile
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
SetErrorMode
SetFileTime
SetLastError
GetFileTime
SystemTimeToFileTime
CreateFileW
DeleteFileW
CopyFileW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
FindFirstFileW
FindClose
SetFileAttributesW
FindFirstFileExW
FindNextFileW
GetTempPathW
GetCurrentDirectoryW
GetTempFileNameW
GetFullPathNameW
GetDriveTypeW
GetModuleHandleW
HeapFree
GetProcessHeap
HeapAlloc
FreeLibrary
TerminateProcess
GetModuleFileNameW
InitializeCriticalSection
CompareStringW
CompareStringA
GetPrivateProfileStringW
GetTimeZoneInformation
OpenFileMappingW
VirtualQuery
GetVersionExW
IsWow64Process
GetCurrentProcess
CreateProcessW
LCMapStringW
TlsAlloc
TlsFree
GetCurrentThreadId
TlsGetValue
TlsSetValue
GetCommandLineW
GetWindowsDirectoryW
GetExitCodeProcess
GetProfileIntW
GetPrivateProfileIntW
LoadLibraryExA
SetFilePointerEx
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
DecodePointer
HeapReAlloc
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
CloseHandle
SetEvent
UnmapViewOfFile
WaitForSingleObject
CreateEventW
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
HeapSize
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemInfo
VirtualProtect
IsProcessorFeaturePresent

user32

SetWindowPos
GetClientRect
GetParent
SetWindowTextW
RedrawWindow
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
ShowWindow
CreateDialogParamW
GetDlgItem
EndDialog
SetCursor
MessageBoxW
DialogBoxParamW
IsWindow
GetSystemMetrics
CharLowerW
CharUpperW
LoadCursorW
GetDesktopWindow
GetWindowTextLengthW
GetWindowTextW
SendMessageW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

ShellExecuteExW

Exports

Exports

CommandeComposante

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a82daf90ef631cb1d715ec98a722be04

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

7c:2f:6f:9b:05:37:6d:f4:43:e2:96:4b:43:e8:e9:acCertificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

de:fd:77:62:cd:69:4a:ae:b2:05:6f:db:82:74:d9:71:ca:a7:ef:43Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 202KB - Virtual size: 202KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 137KB - Virtual size: 136KB

.reloc Size: 12KB - Virtual size: 11KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

7c:2f:6f:9b:05:37:6d:f4:43:e2:96:4b:43:e8:e9:ac
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

de:fd:77:62:cd:69:4a:ae:b2:05:6f:db:82:74:d9:71:ca:a7:ef:43
Signer

.text
Size: 202KB - Virtual size: 202KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 137KB - Virtual size: 136KB

.reloc
Size: 12KB - Virtual size: 11KB