2024-06-19_83b3b207fae2e809f5de5331cb110af0_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-19_83b3b207fae2e809f5de5331cb110af0_avoslocker_cobalt-strike
Size

612KB
MD5

83b3b207fae2e809f5de5331cb110af0
SHA1

68f4ebe413c0d5c094a04deb0ee9e16e0256fc15
SHA256

fa9c2a643aaf5546b6bc1811fbf57482aeb4b3cae77eea2893b180386985ad68
SHA512

ac63c35afec5b47c18f9e2e93d23d703cbd6f2a1ad5a9d345d45fba96901f323358153e7db84743a3d0e93b562dc41362a5f2fd9e12577b1942b91d9c7954971
SSDEEP

12288:GVbsc7CoQMMRdc+JfCruCio7Yf6ceTXKJSI2TSVepOY0IvvpounQwrkyMabDXngt:GGCQzcwOceTlI/VesjIvXkkbTgiu

Score

1^/10

Malware Config

Signatures

Files

2024-06-19_83b3b207fae2e809f5de5331cb110af0_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

ff70bccfe862b666233f46ed9bc9e2d2

Code Sign

bc:d2:a1:53:df:6a:59:00:89:9c:33:e6:67:d2:a5:d3
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/01/2021, 00:00

Not After

05/01/2024, 23:59

Subject

CN=CODESYS Development GmbH,O=CODESYS Development GmbH,POSTALCODE=87439,STREET=Tobias-Dannheimer-Straße 5,L=Kempten,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:89:5a:68:89:23:82:2a:33:97:2f:6c:e5:c6:f4:90:1a:b9:2a:e5:00:f7:1a:d0:74:ab:cc:b7:be:0c:72:47
Signer

Actual PE Digest

32:89:5a:68:89:23:82:2a:33:97:2f:6c:e5:c6:f4:90:1a:b9:2a:e5:00:f7:1a:d0:74:ab:cc:b7:be:0c:72:47

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\ci1\workspace\3.5.19.x\BUILD_RTS_Win_x86\CodesysSpV3\CodesysSpV3\Platforms\Windows\ServiceControl_x86\Build\Release\ServiceControl.exe.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

SetConsoleCtrlHandler
AllocConsole
FormatMessageA
LocalFree
GetModuleFileNameA
GetVersionExA
Sleep
GetLastError
SetCurrentDirectoryA
GetStdHandle
DecodePointer
WriteConsoleW
HeapSize
SetFilePointerEx
GetFileSizeEx
GetModuleHandleA
GetProcAddress
GetCurrentProcess
FlushInstructionCache
CreateFileA
DeleteFileA
FileTimeToLocalFileTime
FlushFileBuffers
GetFileInformationByHandle
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
CloseHandle
GetVersion
CopyFileA
MoveFileA
FileTimeToSystemTime
SystemTimeToFileTime
VirtualAlloc
VirtualFree
VirtualQuery
VirtualLock
VirtualUnlock
IsBadReadPtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
DeviceIoControl
MapViewOfFile
UnmapViewOfFile
FreeLibrary
LoadLibraryA
GetProcessWorkingSetSize
SetProcessWorkingSetSize
CreateFileMappingA
OpenFileMappingA
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
CreateThread
GetCurrentThreadId
SetThreadPriority
TerminateThread
SuspendThread
ResumeThread
GetThreadContext
GetTickCount
GetSystemTimeAdjustment
GetSystemTime
SetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
SetTimeZoneInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
GetCommandLineA
GetCommandLineW
GetConsoleCP
SetStdHandle
GetFileType
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
WideCharToMultiByte
CreateFileW
GetConsoleMode
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputW
PeekConsoleInputA
ReadConsoleW
HeapReAlloc
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
GetProcessHeap

user32

LoadStringA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
FreeSid
StartServiceA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
AllocateAndInitializeSid
AddAccessAllowedAce
CloseServiceHandle
CopySid
GetLengthSid
IsValidSid
LookupAccountNameA
GetUserNameA
RegCloseKey
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
ChangeServiceConfig2A

winmm

timeGetDevCaps
timeBeginPeriod
timeGetTime

Sections

.text
Size: 494KB - Virtual size: 494KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff70bccfe862b666233f46ed9bc9e2d2

Code Sign

bc:d2:a1:53:df:6a:59:00:89:9c:33:e6:67:d2:a5:d3Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

32:89:5a:68:89:23:82:2a:33:97:2f:6c:e5:c6:f4:90:1a:b9:2a:e5:00:f7:1a:d0:74:ab:cc:b7:be:0c:72:47Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

winmm

Sections

.text Size: 494KB - Virtual size: 494KB

.rdata Size: 78KB - Virtual size: 78KB

.data Size: 4KB - Virtual size: 114KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 22KB - Virtual size: 22KB

bc:d2:a1:53:df:6a:59:00:89:9c:33:e6:67:d2:a5:d3
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

32:89:5a:68:89:23:82:2a:33:97:2f:6c:e5:c6:f4:90:1a:b9:2a:e5:00:f7:1a:d0:74:ab:cc:b7:be:0c:72:47
Signer

.text
Size: 494KB - Virtual size: 494KB

.rdata
Size: 78KB - Virtual size: 78KB

.data
Size: 4KB - Virtual size: 114KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 22KB