2024-06-24_a976f2cacd62c5cb6b5a806da76d85c2_avoslocker_cobalt-strike

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-24_a976f2cacd62c5cb6b5a806da76d85c2_avoslocker_cobalt-strike
Size

421KB
MD5

a976f2cacd62c5cb6b5a806da76d85c2
SHA1

aff996c6d098f02530cf192b9da6b208d2dc0fe2
SHA256

cda1e53bcd8301fd2b6f5a0d40089a09407db7a4143a56c0e59d0ab80f73850d
SHA512

db8ab25c6ae69c0aeb66888f21368ae342fed7c79621cffdc589e44616f7e615c79e6933bbb18b973ac4a682625f8b6bf7d1e92accaca9097eb49de9971f93ef
SSDEEP

12288:P04QVY7vOkOj7wxo3VIE5nEWzVDsw+Sj8FojUTvNSoNGu7KsPfjx:/uJEWlswFj8e4xSoNfPft

Score

1^/10

Malware Config

Signatures

Files

2024-06-24_a976f2cacd62c5cb6b5a806da76d85c2_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

e2af6e3b92d555031608d2fc30ac9e06

Code Sign

58:db:3e:d6:fe:57:b2:25:b0:19:28:46:0d:f9:e9:5f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-04-2018 00:00

Not After

11-04-2021 23:59

Subject

CN=Pulse Secure\, LLC,OU=Engineering-2018,O=Pulse Secure\, LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:71:0a:44:25:b0:3c:50:ed:74:6d:4e:17:d2:7e:1f:05:fb:d7:63:59:86:3d:8c:a2:bc:97:8f:ce:d9:aa:a7
Signer

Actual PE Digest

17:71:0a:44:25:b0:3c:50:ed:74:6d:4e:17:d2:7e:1f:05:fb:d7:63:59:86:3d:8c:a2:bc:97:8f:ce:d9:aa:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\builds\bamboo\SAINT-P9188-CW\src\ssl-vpnBuild\win32\jsam\bin\Release\JSAMtool.pdb

Imports

kernel32

FindClose
FindFirstFileA
FindNextFileA
GetTempPathA
ResetEvent
WaitForMultipleObjectsEx
CreateThread
TerminateThread
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
LocalFree
CreateFileMappingA
OpenFileMappingA
CreateDirectoryA
GetFileSize
SetFilePointer
WriteFile
GetTempFileNameA
DeviceIoControl
PulseEvent
MoveFileExA
GetVersion
GetCPInfo
GetEnvironmentVariableA
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
GetLocalTime
ProcessIdToSessionId
GetCurrentThreadId
GetCurrentProcessId
CreateMutexA
ReleaseMutex
FatalAppExitA
SetUnhandledExceptionFilter
CreateFileA
lstrcmpiA
GetVersionExA
GetCurrentProcess
Sleep
WaitForSingleObject
DeleteFileA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetLastError
GetCommandLineA
CreateEventA
SetEvent
GetFileInformationByHandle
CloseHandle
WriteConsoleW
DecodePointer
ReadConsoleW
HeapSize
CreateFileW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
SetConsoleCtrlHandler
GetProcessHeap
GetStringTypeW
OutputDebugStringW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
SetThreadPriority
GetThreadPriority
GetExitCodeThread
SuspendThread
ResumeThread
GetFileAttributesA
ReadFile
RemoveDirectoryA
SetEndOfFile
GetWindowsDirectoryA
CopyFileA
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
GetStdHandle
GetModuleFileNameW
GetCommandLineW
GetCurrentThread
HeapFree
HeapAlloc
GetFileType
GetTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetEnvironmentStringsW

user32

CharNextA

advapi32

CryptAcquireContextA
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureA
GetSecurityDescriptorSacl
SetNamedSecurityInfoA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegNotifyChangeKeyValue
RegCreateKeyExA
GetSecurityDescriptorDacl
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCloseKey
GetUserNameA
RevertToSelf
GetTokenInformation
DuplicateToken
CreateWellKnownSid
CheckTokenMembership
OpenProcessToken
RegDeleteKeyA
RegDeleteValueA
CryptReleaseContext

shell32

SHGetMalloc
ShellExecuteExA
SHGetFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHCreateDirectoryExA

ole32

CoCreateInstance

ws2_32

socket
setsockopt
send
WSAStartup
listen
inet_addr
htons
closesocket
bind
accept
WSAGetLastError
WSACleanup
recv

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

StrStrIA

Sections

.text
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2af6e3b92d555031608d2fc30ac9e06

Code Sign

58:db:3e:d6:fe:57:b2:25:b0:19:28:46:0d:f9:e9:5fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

17:71:0a:44:25:b0:3c:50:ed:74:6d:4e:17:d2:7e:1f:05:fb:d7:63:59:86:3d:8c:a2:bc:97:8f:ce:d9:aa:a7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

version

shlwapi

Sections

.text Size: 335KB - Virtual size: 335KB

.rdata Size: 55KB - Virtual size: 55KB

.data Size: 7KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

58:db:3e:d6:fe:57:b2:25:b0:19:28:46:0d:f9:e9:5f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

17:71:0a:44:25:b0:3c:50:ed:74:6d:4e:17:d2:7e:1f:05:fb:d7:63:59:86:3d:8c:a2:bc:97:8f:ce:d9:aa:a7
Signer

.text
Size: 335KB - Virtual size: 335KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 7KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB