2024-07-09_3c2b84c18f0005a8240c9d4d1108ec7a_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-09_3c2b84c18f0005a8240c9d4d1108ec7a_avoslocker_cobalt-strike
Size

690KB
MD5

3c2b84c18f0005a8240c9d4d1108ec7a
SHA1

45d67f9b126687876c5cdbbf442fe49163bebbac
SHA256

df9b344618f083bc99d4039e25844f1180723d66196b0af3f5c6a2f4d73f9fc7
SHA512

d10c5ede3f921b6b55ca417d3e5fa0fe2365de82b3342c2debf8c4d1a020a4d6dcf9acf03aa59a0dade263eaeca6fd189344e58ca2ef3dd0225c203f9acbe7e0
SSDEEP

12288:h1pUYYUMTAUsag2nBsxOgAMDE/mkmIaN3xik06pPEiM5hOBG1JydvZebz6o5uRlb:Zt/2nBsxOD5mIanEi+seJydv5omNfj5R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-09_3c2b84c18f0005a8240c9d4d1108ec7a_avoslocker_cobalt-strike

Files

2024-07-09_3c2b84c18f0005a8240c9d4d1108ec7a_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

3916e7ef72dc74a0a7cce1ce3109d152

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\johsi_tang\Desktop\Driver_Git\rtsrvclib\RTServiceApp\UWP_Proj\RTUWPSrvcMain\Release\RTUWPSrvcMain.pdb

Imports

rtuwpsrvclib

??$CreateRTModule@VCDeviceManagerIntf@@@@YGIAAV?$shared_ptr@VCDeviceManagerIntf@@@std@@W4_RT_SRVC_INTERFACE_TYPE@@@Z

rtuwpusbswext

??$CreateRTModule@VCUsbSwIntf@@@@YGIAAV?$shared_ptr@VCUsbSwIntf@@@std@@W4_RT_SRVC_INTERFACE_TYPE@@@Z

rtuwpwlanext

??$CreateRTModule@VCWlanOperationIntf@@@@YGIAAV?$shared_ptr@VCWlanOperationIntf@@@std@@W4_RT_SRVC_INTERFACE_TYPE@@@Z

advapi32

SetTokenInformation
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceStatus
QueryServiceConfigW
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
OpenServiceW
OpenSCManagerW
EnumServicesStatusExW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
RegDeleteKeyValueA
RegSetValueExA
CreateProcessAsUserW
OpenProcessToken
RegQueryValueExA
RegOpenKeyA
RegFlushKey
RegDeleteKeyA
DuplicateTokenEx
StartServiceW
RegCreateKeyA
RegCloseKey

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
LocalFree
LocalAlloc
GetModuleHandleExW
GetModuleFileNameW
GetLocalTime
OpenProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
SetErrorMode
GetLastError
SetUnhandledExceptionFilter
CloseHandle
CreateFileW
CreateDirectoryW
Sleep
SetEnvironmentVariableW
GetProcessHeap
OutputDebugStringW
SetStdHandle
HeapSize
WTSGetActiveConsoleSessionId
GetACP
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
IsValidCodePage
FindNextFileW
WriteConsoleW
FlsSetValue
FindFirstFileExW
FindClose
GetTimeZoneInformation
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
SetConsoleCtrlHandler
SetFilePointerEx
GetFileSizeEx
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
LoadLibraryExW
TlsFree
FlsGetValue
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
HeapFree
HeapAlloc
GetCurrentThread
GetCommandLineW
GetCommandLineA
WriteFile
GetStdHandle
GetProcAddress
ExitProcess
FreeLibraryAndExitThread
FreeLibrary
ResumeThread
ExitThread
CreateThread
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
FlsAlloc
FlsFree

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

api-ms-win-core-debug-minidump-l1-1-0

MiniDumpWriteDump

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime
GetNativeSystemInfo

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx

api-ms-win-core-synch-l1-2-0

SleepConditionVariableCS
InitializeConditionVariable
WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableSRW

api-ms-win-core-processthreads-l1-1-0

GetExitCodeThread
SwitchToThread

api-ms-win-core-localization-l1-2-0

GetCPInfo
LCMapStringEx
FormatMessageA
GetLocaleInfoEx

api-ms-win-core-string-l1-1-0

GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
CompareStringEx

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

Sections

.text
Size: 531KB - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3916e7ef72dc74a0a7cce1ce3109d152

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rtuwpsrvclib

rtuwpusbswext

rtuwpwlanext

advapi32

kernel32

version

api-ms-win-core-debug-minidump-l1-1-0

userenv

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

Sections

.text Size: 531KB - Virtual size: 530KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 531KB - Virtual size: 530KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 22KB