2024-06-16_237275dab02196abc78711ad60b6a38a_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-16_237275dab02196abc78711ad60b6a38a_avoslocker_cobalt-strike
Size

669KB
MD5

237275dab02196abc78711ad60b6a38a
SHA1

6c8a3a397a6965a52c635ac4d1d77eca136739d1
SHA256

ae60f3f0d1d0b5de546680d8c8048919a8ba48306f7b5278309fe81f5ba4bac7
SHA512

5f2566c39c18f26573345174c0fe548b3de8b35b3a994b16bd91807465e5f5881a0aca537ab1a5ce7e22955c745fdf4c3878f8d86d3c25838abf8b65d8a6ee33
SSDEEP

12288:vAlCPHBWEj4LR/TkgNuKKQvJPdkaPkkzUtW02iRD42FNTvVMty5arlwf6dPMV:dsLR/Tkg4KTvJ6aPkkRpCRfAPm

Score

1^/10

Malware Config

Signatures

Files

2024-06-16_237275dab02196abc78711ad60b6a38a_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

cac4c85e205c00263f530670a8c41030

Code Sign

0e:39:c5:fb:46:ed:1c:2c:90:c5:75:f1:07:b2:f5:42
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/11/2023, 00:00

Not After

01/12/2024, 23:59

Subject

CN=gamigo AG,O=gamigo AG,L=Hamburg,ST=Hamburg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Gitlab-Runner\builds\Uxz-yfy2e\0\client-software\monolith\Build\ProtectorGamesApp\Release\GameLauncher.pdb

Imports

kernel32

WriteFile
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
ReleaseMutex
MultiByteToWideChar
WideCharToMultiByte
GetGeoInfoW
GetUserGeoID
GetUserDefaultUILanguage
CreateDirectoryW
OpenMutexW
GetSystemInfo
OpenFileMappingW
FormatMessageA
GetModuleHandleA
GetFileAttributesW
GetFileSizeEx
GetFullPathNameW
FindResourceExW
LoadResource
CreateMutexA
GetCurrentDirectoryW
FindClose
FindNextFileW
FileTimeToLocalFileTime
GetSystemTime
SystemTimeToFileTime
SetLastError
GetCurrentProcessId
OpenMutexA
CreateFileMappingA
OpenFileMappingA
GetPrivateProfileSectionNamesW
FlushFileBuffers
SetFilePointerEx
GetVolumeInformationA
DeviceIoControl
GetWindowsDirectoryA
GetPrivateProfileStringW
GetTickCount
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileSize
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LCMapStringW
CompareStringW
GetStdHandle
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
MoveFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
DeleteFileW
CreateFileW
K32EnumProcesses
GetModuleFileNameW
VirtualQuery
GetNativeSystemInfo
GetVersionExW
DuplicateHandle
LeaveCriticalSection
EnterCriticalSection
CreateEventW
InitializeCriticalSection
GetExitCodeThread
GetExitCodeProcess
WaitForMultipleObjects
CreateRemoteThread
FlushInstructionCache
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
UnmapViewOfFile
MapViewOfFile
IsWow64Process
ReadFile
SetFilePointer
CreateFileA
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionEx
OpenEventW
QueryUnbiasedInterruptTime
ResumeThread
AssignProcessToJobObject
CreateProcessW
SetInformationJobObject
GetLastError
CreateJobObjectW
SetEvent
GetCurrentThread
GetProcAddress
GetModuleHandleW
GetCurrentProcess
CheckRemoteDebuggerPresent
IsDebuggerPresent
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
K32GetProcessImageFileNameW
OpenProcess
QueryInformationJobObject
CloseHandle
TerminateJobObject
CreateFileMappingW
CreateMutexW
GetCurrentThreadId
OpenThread
Sleep
WaitForSingleObject
GetTickCount64
ResetEvent
LocalFree
CreateThread
GetCommandLineW
GetCommandLineA
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringW
GetCPInfo
GetStringTypeW
EncodePointer
SetEndOfFile
GetOEMCP

user32

BroadcastSystemMessageW
FindWindowA
IsWindow
GetForegroundWindow
IsWindowVisible
GetWindowThreadProcessId
TranslateMessage
DispatchMessageW
CreateDialogParamW
DestroyWindow
LoadIconW
RegisterWindowMessageA
MessageBoxW
SetWindowTextW
PeekMessageW
MsgWaitForMultipleObjectsEx
PostQuitMessage
SetDlgItemTextW
GetDlgItem
EnumDisplaySettingsW
GetSystemMetrics
ShowWindow
BringWindowToTop
SetFocus
AttachThreadInput
GetDC
GetClassNameA
PostMessageW
FindWindowW
SendMessageW
SetForegroundWindow
ReleaseDC
ChangeDisplaySettingsW

gdi32

GetDeviceCaps

advapi32

CryptReleaseContext
CryptGetHashParam
RegSetValueExA
RegSetKeySecurity
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
ImpersonateSelf
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetUserNameW
CryptGenRandom
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptDeriveKey
CryptAcquireContextW
RevertToSelf
ImpersonateLoggedOnUser
OpenThreadToken
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetKnownFolderPath

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoInitialize

oleaut32

SysAllocString
VariantInit
VariantClear
VariantChangeType
SysFreeString

shlwapi

PathFileExistsW

secur32

GetUserNameExW

wininet

InternetQueryOptionA
HttpOpenRequestA
InternetGetLastResponseInfoA
HttpAddRequestHeadersA
InternetConnectA
InternetReadFile
InternetOpenA
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA

ws2_32

WSAStartup
gethostbyname
ntohl

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pecode
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pccode
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gchr
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cac4c85e205c00263f530670a8c41030

Code Sign

0e:39:c5:fb:46:ed:1c:2c:90:c5:75:f1:07:b2:f5:42Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

secur32

wininet

ws2_32

iphlpapi

rpcrt4

Sections

.text Size: 364KB - Virtual size: 363KB

.pecode Size: 53KB - Virtual size: 53KB

.pccode Size: 11KB - Virtual size: 10KB

.rdata Size: 141KB - Virtual size: 140KB

.data Size: 3KB - Virtual size: 9KB

.gchr Size: 4KB - Virtual size: 3KB

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 20KB - Virtual size: 20KB

0e:39:c5:fb:46:ed:1c:2c:90:c5:75:f1:07:b2:f5:42
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

.text
Size: 364KB - Virtual size: 363KB

.pecode
Size: 53KB - Virtual size: 53KB

.pccode
Size: 11KB - Virtual size: 10KB

.rdata
Size: 141KB - Virtual size: 140KB

.data
Size: 3KB - Virtual size: 9KB

.gchr
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 20KB - Virtual size: 20KB