2024-06-19_e894d49375facbffa76261cb9e977548_avoslocker_cobalt-strike_metamorfo

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-19_e894d49375facbffa76261cb9e977548_avoslocker_cobalt-strike_metamorfo
Size

462KB
MD5

e894d49375facbffa76261cb9e977548
SHA1

9b62ca1d16820d041e768bca8f0eed99f22d92c1
SHA256

4376a51a0846679e96120c5e2f296eff5f9d0fd4d911e7e1a3834124fdb9e022
SHA512

94171f7a10c9db2c32f147b1b0f5cb10624fe93b1ca4bfc7e290181e80c901d82bf2c7ba08804d6919bf83620554fa0ef0fc5f24ee9bb2b63f12ea14807cf3fe
SSDEEP

12288:2XisPKhQxeoOzO0TCl8cRX3T0UV5KCXEIFNJPO7J:2ysCuxeoOzvTCl8ulV5KCXXBG7J

Score

1^/10

Malware Config

Signatures

Files

2024-06-19_e894d49375facbffa76261cb9e977548_avoslocker_cobalt-strike_metamorfo
.exe windows:6 windows x86 arch:x86

43a8284d63daf64c3d9dfede88e88c59

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:29:ae:5d:6a:3c:97:16:1e:4b:88:8d:f7:ed:b4:2e
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/06/2022, 00:00

Not After

18/06/2025, 23:59

Subject

SERIALNUMBER=0705579-2,CN=WithSecure Oyj,O=WithSecure Oyj,L=Helsinki,C=FI,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024649

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:91:93:e4:c9:ad:a4:c9:3c:9d:39:4b:04:da:fb:f1:8b:ff:9a:10:ad:fc:0d:71:a1:b8:fd:e5:f3:f5:74:a6
Signer

Actual PE Digest

9e:91:93:e4:c9:ad:a4:c9:3c:9d:39:4b:04:da:fb:f1:8b:ff:9a:10:ad:fc:0d:71:a1:b8:fd:e5:f3:f5:74:a6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\hudsonwork\workspace\OneClient\oneclient_core\output\v143\x86\Release_Static\fs_oneclient_update_32.pdb

Imports

kernel32

WaitForMultipleObjects
SetEvent
CreateMutexW
CreateEventW
VirtualQuery
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
GetSystemDirectoryW
GetModuleFileNameW
LoadLibraryW
MoveFileExW
SwitchToThread
GetFileSizeEx
ReadFile
WriteFile
SetLastError
CreateProcessW
GetVersionExW
LocalFree
SystemTimeToFileTime
CompareFileTime
GetFileTime
SetEndOfFile
SetFileInformationByHandle
GetExitCodeProcess
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
OutputDebugStringA
ProcessIdToSessionId
GetSystemTime
GetLocalTime
GetTimeZoneInformation
GetFileInformationByHandle
HeapAlloc
HeapFree
GetProcessHeap
OpenMutexW
GetTickCount64
HeapSize
GetConsoleMode
ApplicationRecoveryFinished
ApplicationRecoveryInProgress
RegisterApplicationRecoveryCallback
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetCurrentThreadId
CreateThread
GetCurrentProcessId
Sleep
WaitForSingleObject
SetErrorMode
SetUnhandledExceptionFilter
FlushFileBuffers
CreateFileW
TerminateProcess
GetCurrentProcess
RaiseException
VerifyVersionInfoW
VerSetConditionMask
GetCommandLineW
GetConsoleOutputCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
WriteConsoleW
IsValidCodePage
FindFirstFileExW
HeapReAlloc
LCMapStringW
GetFileType
GetStdHandle
ExitProcess
GetModuleHandleExW
GetLastError
SetFilePointerEx
CloseHandle
FreeLibraryAndExitThread
ExitThread
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
GetExitCodeThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSRWLock
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetConsoleCtrlHandler

advapi32

RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
GetSidSubAuthorityCount
GetSidSubAuthority
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegCloseKey
RegNotifyChangeKeyValue
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW

msi

ord118
ord281
ord141
ord115
ord171
ord169
ord88

winhttp

WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpQueryOption
WinHttpReadData
WinHttpConnect
WinHttpSetStatusCallback
WinHttpOpen
WinHttpCreateUrl
WinHttpCrackUrl

crypt32

CertGetNameStringW
CertFreeCertificateContext

wintrust

WinVerifyTrust
WinVerifyTrustEx

Sections

.text
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43a8284d63daf64c3d9dfede88e88c59

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:29:ae:5d:6a:3c:97:16:1e:4b:88:8d:f7:ed:b4:2eCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

9e:91:93:e4:c9:ad:a4:c9:3c:9d:39:4b:04:da:fb:f1:8b:ff:9a:10:ad:fc:0d:71:a1:b8:fd:e5:f3:f5:74:a6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msi

winhttp

crypt32

wintrust

Sections

.text Size: 315KB - Virtual size: 314KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 11KB - Virtual size: 31KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 14KB - Virtual size: 14KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:29:ae:5d:6a:3c:97:16:1e:4b:88:8d:f7:ed:b4:2e
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9e:91:93:e4:c9:ad:a4:c9:3c:9d:39:4b:04:da:fb:f1:8b:ff:9a:10:ad:fc:0d:71:a1:b8:fd:e5:f3:f5:74:a6
Signer

.text
Size: 315KB - Virtual size: 314KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 11KB - Virtual size: 31KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 14KB - Virtual size: 14KB