2024-07-07_766a3755b4e7a9b457aae5cdb3e50dda_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-07_766a3755b4e7a9b457aae5cdb3e50dda_avoslocker_cobalt-strike
Size

832KB
MD5

766a3755b4e7a9b457aae5cdb3e50dda
SHA1

912b0801817cf3e09224364cab97d5ff00ee8a89
SHA256

ace9b7016df912d568126f9f37a3d3e5b7802e2f99e3ed54a021119523cf5618
SHA512

05bebcdc5d28766708abf023b571be3e368e723b843fc54d2c53b2f6988497aeb9b1917777c0cbb60a2191f5960d502960331653ecf4732305419e0f7c57c424
SSDEEP

24576:DoRbpq/d8kGHBswpbMOQOQ+Yen3OmzU5X1wLfPYI:Qbpq/d8kCBswlMjOQ+YIw5X1wjJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-07_766a3755b4e7a9b457aae5cdb3e50dda_avoslocker_cobalt-strike

Files

2024-07-07_766a3755b4e7a9b457aae5cdb3e50dda_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

73a99421c03d3f56333f368b6d96c755

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\a\b\d_00000000_\b\out\Win32\Release\starter.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
ResetEvent
DeleteCriticalSection
LocalAlloc
OpenProcess
DeleteFileW
RemoveDirectoryW
GetModuleFileNameW
GetLastError
CreateDirectoryW
CompareStringW
GetTempPathW
ExpandEnvironmentStringsW
CreateProcessW
CreateFileW
GetSystemWindowsDirectoryW
GetExitCodeProcess
GetCurrentProcessId
ReadFile
FormatMessageW
GetModuleHandleW
GetFileAttributesW
SetCurrentDirectoryW
LoadLibraryExW
GetProcAddress
FreeLibrary
LocalFree
HeapFree
GetProcessHeap
MultiByteToWideChar
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetModuleHandleA
GetCurrentProcess
GetCurrentDirectoryW
MoveFileW
HeapAlloc
GetLocalTime
Sleep
GetCurrentThreadId
SetUnhandledExceptionFilter
SetEnvironmentVariableW
GetWindowsDirectoryW
GetLongPathNameW
LoadLibraryW
SetDllDirectoryW
SetLastError
TlsSetValue
VirtualProtect
VirtualAlloc
TlsAlloc
GetSystemInfo
FlushInstructionCache
TlsGetValue
TlsFree
GetTickCount
VirtualQuery
RaiseException
LoadLibraryExA
FindResourceExW
LoadResource
LockResource
SizeofResource
WriteFile
GetModuleFileNameA
GetModuleHandleExA
SetFilePointer
FindNextFileW
FindClose
MoveFileExW
GetTempFileNameW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FormatMessageA
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
WideCharToMultiByte
GetStringTypeW
QueryPerformanceCounter
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
WriteConsoleW

Sections

.text
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73a99421c03d3f56333f368b6d96c755

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 237KB - Virtual size: 237KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 5KB - Virtual size: 19KB

.didat Size: 512B - Virtual size: 48B

.rsrc Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 237KB - Virtual size: 237KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 5KB - Virtual size: 19KB

.didat
Size: 512B - Virtual size: 48B

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 12KB - Virtual size: 11KB