2024-07-03_41fcfb2666d9d140f50901a25c8336a1_avoslocker_cobalt-strike

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-03_41fcfb2666d9d140f50901a25c8336a1_avoslocker_cobalt-strike
Size

681KB
MD5

41fcfb2666d9d140f50901a25c8336a1
SHA1

3f331bc9ab9472047d8eebc69c55dcb8b971ab4b
SHA256

68791031f10cd2744c88b0a65d4d6806c6cca62fd1fbfc4d51f28b8dbd3a774c
SHA512

94687f7243962e6b42b1342ceecd8a5b34a7a1c8422066412b5011ea7c914fc5e666020a8801c1b4d09965e079bac95ea2c6cfcf63ed5f92e439a83bd45c1b1a
SSDEEP

12288:MzWvKCuMsB+fIVo/Rt5zjbqA626nirwxZK/YqQkwN3hiPD9mruaH2zCQBhRv6gmo:MzWvKCuJ+8wqZiJQkwN3hiR1CQB/xDDJ

Score

1^/10

Malware Config

Signatures

Files

2024-07-03_41fcfb2666d9d140f50901a25c8336a1_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

6ffebc1ff542b6fe00b821411e1ee43c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:fc:08:50:04:6d:2d:f5:da:c5:cf:55:ee:6b:8f:92
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

26-10-2021 00:00

Not After

25-10-2024 23:59

Subject

CN=3M Company,OU=3M Company,O=3M Company,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

34:0e:35:50:f7:59:e0:9d:31:85:19:7c:4f:63:0e:9d:7b:8e:70:4d
Signer

Actual PE Digest

34:0e:35:50:f7:59:e0:9d:31:85:19:7c:4f:63:0e:9d:7b:8e:70:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Jenkins\workspace\FluencyDirect\Client\RemoteApp\SsoSignalApp\bin\Release\SsoSignalApp.pdb

Imports

kernel32

DecodePointer
LocalFree
DeleteCriticalSection
GetProcessHeap
CreateToolhelp32Snapshot
ProcessIdToSessionId
Process32NextW
Process32FirstW
CloseHandle
GetCurrentProcessId
VerSetConditionMask
VerifyVersionInfoW
MultiByteToWideChar
CreateDirectoryW
FindFirstFileW
GetFileSizeEx
FindNextFileW
FindClose
AttachConsole
DeleteFileW
GetTimeFormatW
SystemTimeToFileTime
GetSystemTime
GetDateFormatW
GetTickCount
AllocConsole
RegisterWaitForSingleObject
HeapAlloc
ReadFile
SetNamedPipeHandleState
GetConsoleOutputCP
WriteFile
CreateNamedPipeW
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
CreateMutexW
WaitForSingleObject
CreateFileW
GetCurrentThreadId
DisconnectNamedPipe
CreateEventW
SetEvent
CreateThread
GetOverlappedResult
CreateProcessW
WaitNamedPipeW
ConnectNamedPipe
GetLocaleInfoW
LCMapStringW
CompareStringW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
OpenEventW
HeapFree
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
FlushFileBuffers
EnumSystemLocalesW
ExitProcess
SetStdHandle
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
GetStdHandle
LoadLibraryExW
FreeLibrary
TlsFree
GetUserDefaultLCID
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
EncodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
IsValidLocale

user32

PostThreadMessageW
TranslateMessage
DispatchMessageW
GetMessageW
SetTimer
KillTimer

advapi32

SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
InitializeSecurityDescriptor
GetUserNameW

shell32

SHGetFolderPathW
SHGetKnownFolderPath

ole32

StringFromGUID2
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoUninitialize
CoInitializeEx

oleaut32

SysAllocStringByteLen
VariantInit
GetActiveObject
SysFreeString
SysAllocString
SysStringLen
VariantClear
CreateErrorInfo
VariantChangeType
VariantCopy
DispCallFunc

Sections

.text
Size: 526KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ffebc1ff542b6fe00b821411e1ee43c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

75:fc:08:50:04:6d:2d:f5:da:c5:cf:55:ee:6b:8f:92Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

34:0e:35:50:f7:59:e0:9d:31:85:19:7c:4f:63:0e:9d:7b:8e:70:4dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 526KB - Virtual size: 526KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 10KB - Virtual size: 13KB

.reloc Size: 26KB - Virtual size: 25KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

75:fc:08:50:04:6d:2d:f5:da:c5:cf:55:ee:6b:8f:92
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

34:0e:35:50:f7:59:e0:9d:31:85:19:7c:4f:63:0e:9d:7b:8e:70:4d
Signer

.text
Size: 526KB - Virtual size: 526KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 10KB - Virtual size: 13KB

.reloc
Size: 26KB - Virtual size: 25KB