2024-06-25_a029c1a827ed76c10c5fe09aece026c4_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-25_a029c1a827ed76c10c5fe09aece026c4_avoslocker_cobalt-strike
Size

879KB
MD5

a029c1a827ed76c10c5fe09aece026c4
SHA1

e019b15163bf401331595f8ced1950db1410be5c
SHA256

895058eb446a4186c820ea23f1aceb902636ae0a511218c6b16e3e44de9a0899
SHA512

0fe04cbe5d00ad768f8e4e6deb541ffb5059f83b797426a782224227a58bd1e2b6f07587535fed8f3b0331ca7a15ac550f4929711ef85e14c9a22ff8fdecd2b3
SSDEEP

24576:IUWuxdkPrHqKSGB1sJtb1bMXsitCORIkL4QQ:IUaTqKSGB1WMXsMCm1LG

Score

1^/10

Malware Config

Signatures

Files

2024-06-25_a029c1a827ed76c10c5fe09aece026c4_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

c27626ddee95ae69e7d288fdbcc1f0ab

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:e0:8e:77:bc:e1:c4:08:01:2c:43:29:81:73:6c:8c
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

17/02/2022, 00:57

Not After

17/02/2025, 00:57

Subject

SERIALNUMBER=4324432,CN=Teradata Corporation,O=Teradata Corporation,L=San Diego,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:22

Not After

29/12/2040, 23:59

Subject

CN=Entrust Time Stamping CA - TS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:70:26:cc:96:f6:78:1a:bb:85:f6:11:f5:6d:bb:6e
Certificate

Issuer

CN=Entrust Time Stamping CA - TS2,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:47

Not After

18/04/2035, 00:00

Subject

CN=Entrust Timestamp Authority - TSA2,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

99:00:96:1f:a5:d2:a3:e1:f7:e1:c2:4a:ef:c4:f7:0f:d9:e3:63:85:d0:34:a2:0e:24:8b:21:93:96:f9:94:8d
Signer

Actual PE Digest

99:00:96:1f:a5:d2:a3:e1:f7:e1:c2:4a:ef:c4:f7:0f:d9:e3:63:85:d0:34:a2:0e:24:8b:21:93:96:f9:94:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\TeamCity-Agents\SCM\BuildAgent\work\ccb22ebae3d2c94c\nt-i386\Release\Tool\.tmpout\tdwallet.pdb

Imports

kernel32

CreateFileW
FindClose
FindFirstFileW
FindNextFileW
ReadFile
CloseHandle
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetCurrentProcessId
GetCurrentThreadId
FreeLibrary
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
LocalFree
FormatMessageW
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
HeapSize
SetEvent
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
InitializeSListHead
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetCurrentThread
HeapAlloc
HeapFree
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
SetConsoleCtrlHandler
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
OutputDebugStringW
SetStdHandle
WriteConsoleW

Sections

.text
Size: 536KB - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c27626ddee95ae69e7d288fdbcc1f0ab

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

39:e0:8e:77:bc:e1:c4:08:01:2c:43:29:81:73:6c:8cCertificate

Extended Key Usages

Key Usages

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3bCertificate

Extended Key Usages

Key Usages

5b:70:26:cc:96:f6:78:1a:bb:85:f6:11:f5:6d:bb:6eCertificate

Extended Key Usages

Key Usages

99:00:96:1f:a5:d2:a3:e1:f7:e1:c2:4a:ef:c4:f7:0f:d9:e3:63:85:d0:34:a2:0e:24:8b:21:93:96:f9:94:8dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 536KB - Virtual size: 536KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 7KB - Virtual size: 13KB

.rsrc Size: 206KB - Virtual size: 205KB

.reloc Size: 22KB - Virtual size: 22KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

39:e0:8e:77:bc:e1:c4:08:01:2c:43:29:81:73:6c:8c
Certificate

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3b
Certificate

5b:70:26:cc:96:f6:78:1a:bb:85:f6:11:f5:6d:bb:6e
Certificate

99:00:96:1f:a5:d2:a3:e1:f7:e1:c2:4a:ef:c4:f7:0f:d9:e3:63:85:d0:34:a2:0e:24:8b:21:93:96:f9:94:8d
Signer

.text
Size: 536KB - Virtual size: 536KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 7KB - Virtual size: 13KB

.rsrc
Size: 206KB - Virtual size: 205KB

.reloc
Size: 22KB - Virtual size: 22KB