2024-06-14_ca4f3cec0dee82c2ea671d2ca7ea8f7b_avoslocker_cobalt-strike_magniber_metamorfo

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_ca4f3cec0dee82c2ea671d2ca7ea8f7b_avoslocker_cobalt-strike_magniber_metamorfo
Size

936KB
MD5

ca4f3cec0dee82c2ea671d2ca7ea8f7b
SHA1

e4e4fb9b25842b410cecd9511135b2651a5fd0f4
SHA256

55af3d8bf45a723485736e515e0dabeea3b00f4949ab1271d8871a7e1a4485cf
SHA512

bc6c5819935f7a48462a9ea8e2b16987f159d661bcbe7a0c81c5a49fa7d6cefee00e95ee59bb7912b33d68205cc7f7ea519f6e575133803db75625fb36394d2e
SSDEEP

24576:2zfuQcwo2k/uBFp//cnab1r4oDCqtDHk7HpUwYwN:2zzo2k/uBP//cnmxOUIUNwN

Score

1^/10

Malware Config

Signatures

Files

2024-06-14_ca4f3cec0dee82c2ea671d2ca7ea8f7b_avoslocker_cobalt-strike_magniber_metamorfo
.exe windows:6 windows x86 arch:x86

5b13a4b58101f1b5ed034aaaf017740d

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:7b:00:db:1e:71:25:f7:2a:30:c0:d6:72:a3:ef:52
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/03/2024, 00:00

Not After

02/03/2027, 23:59

Subject

SERIALNUMBER=91110102MACQD9K640,CN=北京春田知韵科技有限公司,O=北京春田知韵科技有限公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e8a5bfe59f8ee58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:17:7e:8d:06:af:4a:a0:07:0a:13:51:08:0b:4a:3c:5a:dc:66:5c:be:af:ce:74:e2:28:80:bc:5f:1c:a8:19
Signer

Actual PE Digest

4b:17:7e:8d:06:af:4a:a0:07:0a:13:51:08:0b:4a:3c:5a:dc:66:5c:be:af:ce:74:e2:28:80:bc:5f:1c:a8:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\Packet\Build\UnicodeRelease\LarkLauncher\LarkLauncher.pdb

Imports

kernel32

GetSystemInfo
VirtualProtect
VirtualQuery
MoveFileExW
MoveFileW
FormatMessageW
LocalFree
LoadLibraryW
GetProcAddress
OpenProcess
CreateProcessW
GetExitCodeProcess
GetCurrentProcess
GetProcessTimes
CreateEventW
WriteConsoleW
SetEndOfFile
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WaitForSingleObject
SetEvent
GetLastError
CloseHandle
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
VerSetConditionMask
GetStdHandle
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFinalPathNameByHandleW
GetLogicalDriveStringsW
QueryDosDeviceW
RemoveDirectoryW
SetFileAttributesW
WriteFile
DecodePointer
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
LoadResource
LockResource
SizeofResource
FindResourceW
lstrlenW
VerifyVersionInfoW
MultiByteToWideChar
WideCharToMultiByte
AllocConsole
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetProcessImageFileNameW
WaitForMultipleObjects
SetDllDirectoryW
GetUserDefaultUILanguage
HeapAlloc
GetProcessHeap
CreateDirectoryW
LocalFileTimeToFileTime
ReadFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
EncodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetStdHandle
GetFileType
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
GetCurrentThread
LoadLibraryExA

user32

wsprintfW
GetShellWindow
GetWindowThreadProcessId
GetSystemMetrics
UnregisterClassW
MessageBoxW

advapi32

EqualSid
RegSetValueExW
RegOpenKeyExW
OpenProcessToken
AllocateAndInitializeSid
CheckTokenMembership
AdjustTokenPrivileges
FreeSid
GetTokenInformation
RegCloseKey
DuplicateTokenEx
LookupPrivilegeValueW
GetUserNameW

shell32

SHCreateDirectoryExW
ShellExecuteW
SHChangeNotify
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW

ws2_32

WSAStartup
socket
getsockopt
closesocket
WSAGetLastError

shlwapi

PathIsRelativeW
PathIsNetworkPathW
SHGetValueW
SHDeleteValueW
SHDeleteKeyW
PathFindFileNameW
PathIsDirectoryW
PathFindExtensionW
SHSetValueW
StrStrIW
PathFileExistsW

wintrust

CryptCATAdminReleaseContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
WTHelperProvDataFromStateData
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
WinVerifyTrust

crypt32

CryptDecodeObjectEx
CryptStringToBinaryA
CertGetNameStringW

bcrypt

BCryptImportKeyPair
BCryptEncrypt
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptDestroyKey

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
CreateErrorInfo
GetErrorInfo
VariantChangeType
SetErrorInfo
SysAllocString

Exports

Exports

_cJSON_AddArrayToObject@8
_cJSON_AddBoolToObject@12
_cJSON_AddFalseToObject@8
_cJSON_AddItemReferenceToArray@8
_cJSON_AddItemReferenceToObject@12
_cJSON_AddItemToArray@8
_cJSON_AddItemToObject@12
_cJSON_AddItemToObjectCS@12
_cJSON_AddNullToObject@8
_cJSON_AddNumberToObject@16
_cJSON_AddObjectToObject@8
_cJSON_AddRawToObject@12
_cJSON_AddStringToObject@12
_cJSON_AddTrueToObject@8
_cJSON_Compare@12
_cJSON_CreateArray@0
_cJSON_CreateArrayReference@4
_cJSON_CreateBool@4
_cJSON_CreateDoubleArray@8
_cJSON_CreateFalse@0
_cJSON_CreateFloatArray@8
_cJSON_CreateIntArray@8
_cJSON_CreateNull@0
_cJSON_CreateNumber@8
_cJSON_CreateObject@0
_cJSON_CreateObjectReference@4
_cJSON_CreateRaw@4
_cJSON_CreateString@4
_cJSON_CreateStringArray@8
_cJSON_CreateStringReference@4
_cJSON_CreateTrue@0
_cJSON_Delete@4
_cJSON_DeleteItemFromArray@8
_cJSON_DeleteItemFromObject@8
_cJSON_DeleteItemFromObjectCaseSensitive@8
_cJSON_DetachItemFromArray@8
_cJSON_DetachItemFromObject@8
_cJSON_DetachItemFromObjectCaseSensitive@8
_cJSON_DetachItemViaPointer@8
_cJSON_Duplicate@8
_cJSON_GetArrayItem@8
_cJSON_GetArraySize@4
_cJSON_GetErrorPtr@0
_cJSON_GetObjectItem@8
_cJSON_GetObjectItemCaseSensitive@8
_cJSON_GetStringValue@4
_cJSON_HasObjectItem@8
_cJSON_InitHooks@4
_cJSON_InsertItemInArray@12
_cJSON_IsArray@4
_cJSON_IsBool@4
_cJSON_IsFalse@4
_cJSON_IsInvalid@4
_cJSON_IsNull@4
_cJSON_IsNumber@4
_cJSON_IsObject@4
_cJSON_IsRaw@4
_cJSON_IsString@4
_cJSON_IsTrue@4
_cJSON_Minify@4
_cJSON_Parse@4
_cJSON_ParseWithOpts@12
_cJSON_Print@4
_cJSON_PrintBuffered@12
_cJSON_PrintPreallocated@16
_cJSON_PrintUnformatted@4
_cJSON_ReplaceItemInArray@12
_cJSON_ReplaceItemInObject@12
_cJSON_ReplaceItemInObjectCaseSensitive@12
_cJSON_ReplaceItemViaPointer@12
_cJSON_SetNumberHelper@12
_cJSON_Version@0
_cJSON_free@4
_cJSON_malloc@4

Sections

.text
Size: 613KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b13a4b58101f1b5ed034aaaf017740d

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:7b:00:db:1e:71:25:f7:2a:30:c0:d6:72:a3:ef:52Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

4b:17:7e:8d:06:af:4a:a0:07:0a:13:51:08:0b:4a:3c:5a:dc:66:5c:be:af:ce:74:e2:28:80:bc:5f:1c:a8:19Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

wintrust

crypt32

bcrypt

ole32

oleaut32

Exports

Exports

Sections

.text Size: 613KB - Virtual size: 613KB

.rdata Size: 157KB - Virtual size: 156KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 120KB - Virtual size: 120KB

.reloc Size: 24KB - Virtual size: 23KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:7b:00:db:1e:71:25:f7:2a:30:c0:d6:72:a3:ef:52
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

4b:17:7e:8d:06:af:4a:a0:07:0a:13:51:08:0b:4a:3c:5a:dc:66:5c:be:af:ce:74:e2:28:80:bc:5f:1c:a8:19
Signer

.text
Size: 613KB - Virtual size: 613KB

.rdata
Size: 157KB - Virtual size: 156KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 120KB - Virtual size: 120KB

.reloc
Size: 24KB - Virtual size: 23KB