2024-06-15_4665b19ec8290156e6533b31fe9639f8_avoslocker_cobalt-strike_metamorfo

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-15_4665b19ec8290156e6533b31fe9639f8_avoslocker_cobalt-strike_metamorfo
Size

895KB
MD5

4665b19ec8290156e6533b31fe9639f8
SHA1

547b1266d024c1d55791b7084d182e27afdb1aad
SHA256

38050fbb2357e415579e4024f6ea074fe4539f5369d73aea6777162f91c6079a
SHA512

243ae11098f336ef1e405f5b3d6c19d790432124c168ed70834c612ed631c4deb96a479c9cde0be686d3c81e348533a28006658631fa98bb1e0453fabfccce28
SSDEEP

12288:ArjgF0tyKREdl837QnvBnAGaQlylPTfvad1DQJQXFoQE9w5JYW/aNEBZwHCOuF6m:GREFDQJQ1oQCeLayPzzXtV0p7F8n

Score

1^/10

Malware Config

Signatures

Files

2024-06-15_4665b19ec8290156e6533b31fe9639f8_avoslocker_cobalt-strike_metamorfo
.exe windows:6 windows x86 arch:x86

0c5aa9ad2ae096765c38f355997dbf8c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:7f:f4:7a:6a:ce:45:b9:61:55:a0:84:4b:f1:fb:35
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/11/2018, 00:00

Not After

27/01/2021, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130a4d6f72726973746f776e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:7f:f4:7a:6a:ce:45:b9:61:55:a0:84:4b:f1:fb:35
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/11/2018, 00:00

Not After

27/01/2021, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130a4d6f72726973746f776e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:ff:bd:5a:0b:ab:8b:60:ca:9a:8f:e3:7f:55:4e:87:07:66:3a:da:d5:f6:b0:b1:f5:7a:e9:74:ba:7d:56:57
Signer

Actual PE Digest

e6:ff:bd:5a:0b:ab:8b:60:ca:9a:8f:e3:7f:55:4e:87:07:66:3a:da:d5:f6:b0:b1:f5:7a:e9:74:ba:7d:56:57

Digest Algorithm

sha256

PE Digest Matches

true

8f:e6:8f:5b:14:ed:f1:30:3e:41:52:fb:ef:8b:2b:c3:fb:f3:18:12
Signer

Actual PE Digest

8f:e6:8f:5b:14:ed:f1:30:3e:41:52:fb:ef:8b:2b:c3:fb:f3:18:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\pl\output\ProcessGovernor.pdb

Imports

kernel32

GetCommandLineW
GetCurrentProcess
SetProcessAffinityMask
GetProcessAffinityMask
SetProcessShutdownParameters
SetThreadPriority
InitializeCriticalSection
CreateMutexW
OpenEventW
GetVersionExW
OpenProcess
CreateEventW
Sleep
SetEvent
GetCurrentThread
TerminateThread
CreateDirectoryW
CreateThread
ResetEvent
GetCurrentDirectoryW
SetThreadPriorityBoost
GetPriorityClass
GetProcAddress
GetComputerNameW
GetCurrentProcessId
CreateProcessW
SetThreadExecutionState
FreeLibrary
GetSystemTime
GetTickCount
GetProcessTimes
OpenThread
SetUnhandledExceptionFilter
WaitForMultipleObjects
GlobalMemoryStatusEx
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
SetProcessPriorityBoost
GetExitCodeProcess
GetFileSize
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
GetFileAttributesW
WriteFile
ReadFile
GetFileTime
GetSystemTimeAsFileTime
GetSystemInfo
CloseHandle
CreateFileW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
IsBadWritePtr
GetModuleHandleW
GetProcessHeap
ExitProcess
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
LoadLibraryW
RaiseException
HeapReAlloc
SetPriorityClass
LockResource
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
SizeofResource
GetThreadPriority
WriteConsoleW
GetConsoleMode
GetConsoleCP
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
FindClose
SetFilePointerEx
GetUserDefaultUILanguage
LocalFree
VerSetConditionMask
VerifyVersionInfoW
GetModuleFileNameW
GetStartupInfoW
ProcessIdToSessionId
SetLastError
GetVolumeNameForVolumeMountPointW
MoveFileW
MultiByteToWideChar
WideCharToMultiByte
GetHandleInformation
TryEnterCriticalSection
GetTempPathW
GetSystemDirectoryW
TerminateProcess
GetProcessPriorityBoost
SetProcessWorkingSetSize
IsBadReadPtr
ResumeThread
GetNumaHighestNodeNumber
GetNumaNodeProcessorMask
GetLogicalProcessorInformation
GetLocalTime
OpenMutexW
FlushFileBuffers
GetDateFormatW
GetTimeFormatW
ReleaseMutex
SetFilePointer
FileTimeToLocalFileTime
FileTimeToSystemTime
SetEndOfFile
GetCurrentThreadId
SuspendThread
VirtualQuery
FindNextFileW
LocalAlloc
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
LocalLock
LocalUnlock
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
IsDebuggerPresent
OutputDebugStringW
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
SignalObjectAndWait
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlUnwind
GetModuleHandleExW
GetStdHandle
GetCommandLineA
GetFileType
CompareStringW
LCMapStringW

user32

EnumThreadWindows
EnumWindows
GetWindow
CheckDlgButton
SetRect
GetActiveWindow
GetLastActivePopup
MessageBeep
BeginPaint
DrawIcon
EndPaint
GetSysColor
GetDialogBaseUnits
SystemParametersInfoW
GetSystemMetrics
LoadIconW
DestroyIcon
GetClientRect
FillRect
IsWindow
GetClassNameW
EnableMenuItem
GetSystemMenu
SetWindowPos
SetForegroundWindow
GetWindowRect
MoveWindow
GetParent
WinHelpW
RedrawWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetAsyncKeyState
CreateDialogIndirectParamW
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
WaitMessage
DestroyWindow
LoadStringW
MessageBoxW
EnableWindow
KillTimer
GetDlgItem
GetWindowTextW
SetFocus
DrawTextW
SetWindowLongW
GetWindowThreadProcessId
GetLastInputInfo
GetForegroundWindow
FindWindowW
IsWow64Message
PostQuitMessage
GetWindowLongW
PostMessageW
SendMessageW
SetWindowTextW
SetTimer

advapi32

OpenProcessToken
EnumServicesStatusExW
StartServiceW
ControlService
QueryServiceStatus
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
LookupAccountSidW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
GetUserNameW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHCreateDirectoryExW

oleaut32

SysFreeString
VariantClear

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

shlwapi

SHDeleteKeyW

pdh

PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhOpenQueryW
PdhRemoveCounter
PdhCollectQueryData
PdhCloseQuery

rpcrt4

UuidCreate
UuidFromStringW

gdi32

SetTextColor
SetBkColor
DeleteObject
DeleteDC
CreateFontIndirectW
CreateDCW
CreateSolidBrush
SelectObject
GetTextExtentPoint32W

ole32

StringFromGUID2
CoInitializeEx

Sections

.text
Size: 501KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c5aa9ad2ae096765c38f355997dbf8c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

10:7f:f4:7a:6a:ce:45:b9:61:55:a0:84:4b:f1:fb:35Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

10:7f:f4:7a:6a:ce:45:b9:61:55:a0:84:4b:f1:fb:35Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

e6:ff:bd:5a:0b:ab:8b:60:ca:9a:8f:e3:7f:55:4e:87:07:66:3a:da:d5:f6:b0:b1:f5:7a:e9:74:ba:7d:56:57Signer

8f:e6:8f:5b:14:ed:f1:30:3e:41:52:fb:ef:8b:2b:c3:fb:f3:18:12Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

oleaut32

wtsapi32

shlwapi

pdh

rpcrt4

gdi32

ole32

Sections

.text Size: 501KB - Virtual size: 501KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 20KB - Virtual size: 43KB

.rsrc Size: 226KB - Virtual size: 225KB

.reloc Size: 27KB - Virtual size: 27KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

10:7f:f4:7a:6a:ce:45:b9:61:55:a0:84:4b:f1:fb:35
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

10:7f:f4:7a:6a:ce:45:b9:61:55:a0:84:4b:f1:fb:35
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e6:ff:bd:5a:0b:ab:8b:60:ca:9a:8f:e3:7f:55:4e:87:07:66:3a:da:d5:f6:b0:b1:f5:7a:e9:74:ba:7d:56:57
Signer

8f:e6:8f:5b:14:ed:f1:30:3e:41:52:fb:ef:8b:2b:c3:fb:f3:18:12
Signer

.text
Size: 501KB - Virtual size: 501KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 20KB - Virtual size: 43KB

.rsrc
Size: 226KB - Virtual size: 225KB

.reloc
Size: 27KB - Virtual size: 27KB