2024-07-11_dba0da41bb74711d252ccbd9ef44071e_avoslocker_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-11_dba0da41bb74711d252ccbd9ef44071e_avoslocker_revil
Size

6.1MB
MD5

dba0da41bb74711d252ccbd9ef44071e
SHA1

b96d70e81121e94676979cc0e8694da9ec48c97f
SHA256

4a02f5f51b6c001367e4e907c1441ad2daf2f5d07b22e7faf2feeee61efa1800
SHA512

31c6838a19cfb4c34d0b6c938030eb7bb81a6560046d4b42a671388114759ba9b14814ba58be93123faae0650166c8d1b03f427fb95d6e3e6ac8aa773c781d4d
SSDEEP

98304:uche4hvsjnWtSfxZu3WTQwFcgdxUFZ9LWEDctV5jIrB4nUpLXv:uSvsjnWcfxZu6LFUZWEDctUBO0

Score

1^/10

Malware Config

Signatures

Files

2024-07-11_dba0da41bb74711d252ccbd9ef44071e_avoslocker_revil
.exe windows:6 windows x86 arch:x86

783b6be12bf68766a4e027990141a2f5

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:13:b1:c7:f6:71:c7:50:fc:78:16:f8:f4:9d:22:21
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10-03-2022 00:00

Not After

07-03-2025 23:59

Subject

SERIALNUMBER=5553772,CN=Teramind Inc.,O=Teramind Inc.,L=Aventura,ST=Florida,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:a5:6d:39:ad:e3:16:6f:3f:b5:1f:eb:08:69:44:0d:e9:55:0b:6f
Signer

Actual PE Digest

33:a5:6d:39:ad:e3:16:6f:3f:b5:1f:eb:08:69:44:0d:e9:55:0b:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\33b2b67282fffa05\out_stealth\Release\ut.pdb

Imports

user32

GetDesktopWindow
MessageBoxW
LoadStringW
GetProcessWindowStation
GetUserObjectInformationW
LoadStringA

advapi32

CryptDestroyHash
RegSetValueExA
OpenProcessToken
AdjustTokenPrivileges
CopySid
CreateWellKnownSid
GetLengthSid
GetSecurityDescriptorDacl
GetTokenInformation
InitializeAcl
IsValidSid
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegGetValueW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
CryptReleaseContext
CryptGetHashParam
DeregisterEventSource
RegQueryValueExA
RegOpenKeyExA
RegisterEventSourceW
CryptHashData
CryptCreateHash
RegCreateKeyExA
ReportEventA
RegisterEventSourceA
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
CryptAcquireContextW

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

shlwapi

UrlEscapeA
PathRemoveFileSpecW

ws2_32

getpeername
sendto
recvfrom
recv
listen
gethostname
getsockname
bind
accept
__WSAFDIsSet
WSAIoctl
socket
htons
ntohs
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htonl
closesocket
connect
ioctlsocket
freeaddrinfo
getaddrinfo
WSASocketW
WSASendTo
WSASend
WSARecv
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
shutdown
setsockopt
select
getsockopt
ntohl

netapi32

NetUserEnum

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

dbghelp

MiniDumpWriteDump

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

kernel32

FreeLibraryAndExitThread
GetModuleHandleExW
K32EnumProcessModules
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
ConvertThreadToFiberEx
ConvertFiberToThread
GetSystemDirectoryA
FindFirstFileW
CreateFiberEx
DeleteFiber
CreateFileW
OutputDebugStringA
OutputDebugStringW
CloseHandle
GetLastError
DeviceIoControl
ReleaseSRWLockShared
AcquireSRWLockShared
CreateMutexW
GetCurrentProcess
GetCurrentProcessId
OpenProcess
LocalFree
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleFileNameW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemTimeAsFileTime
GetCurrentThread
GetCurrentThreadId
SleepEx
FormatMessageA
FormatMessageW
WideCharToMultiByte
CreateSemaphoreA
ReleaseSemaphore
CreateEventA
CreateEventW
SetEvent
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjects
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
RaiseException
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetWaitableTimer
QueueUserAPC
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ProcessIdToSessionId
GetModuleHandleA
GetProcAddress
ReleaseMutex
GetModuleFileNameA
GetFileInformationByHandle
GetFileSize
ReadFile
K32GetModuleInformation
WriteFile
GetLocalTime
GetTickCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FileTimeToSystemTime
SystemTimeToFileTime
CreateFileA
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
RtlCaptureContext
InitializeCriticalSection
CreateSemaphoreW
CreateThread
OpenThread
SuspendThread
ResumeThread
GetProcessId
GetThreadContext
VirtualQueryEx
FreeLibrary
LoadLibraryW
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
ResetEvent
GetEnvironmentVariableW
QueryPerformanceCounter
InitializeCriticalSectionEx
QueryPerformanceFrequency
GetSystemDirectoryW
GetModuleHandleW
Sleep
MultiByteToWideChar
MoveFileExW
CompareFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoW
GetStringTypeW
TryEnterCriticalSection
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
SetConsoleCtrlHandler
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FlushFileBuffers
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileTime
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SetFileTime
GetWindowsDirectoryW
CreateDirectoryExW
CopyFileExW
AreFileApisANSI
InitializeSListHead
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
SwitchToThread
WaitForMultipleObjectsEx
OpenEventA
GetSystemInfo
GetLogicalProcessorInformation
CreateWaitableTimerA
GetLocaleInfoA
IsValidCodePage
EnumSystemLocalesA
FoldStringW
LCMapStringW
CompareStringW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
IsDBCSLeadByteEx
LCMapStringA
GetStringTypeExA
GetStringTypeExW
GetUserDefaultLCID
LoadLibraryA
ExitProcess
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ExitThread
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
SetFilePointer
SwitchToFiber
VirtualLock
VirtualFree
VirtualProtect
VirtualAlloc
ReadConsoleA
SetConsoleMode
GetSystemTime
WriteConsoleW
HeapQueryInformation
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapReAlloc
GetFileSizeEx
EnumSystemLocalesW
IsValidLocale
SetStdHandle
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineW
GetCommandLineA
GetCurrentProcessorNumber

wldap32

ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord145

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1016KB - Virtual size: 1015KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

783b6be12bf68766a4e027990141a2f5

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0f:13:b1:c7:f6:71:c7:50:fc:78:16:f8:f4:9d:22:21Certificate

Extended Key Usages

Key Usages

33:a5:6d:39:ad:e3:16:6f:3f:b5:1f:eb:08:69:44:0d:e9:55:0b:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

advapi32

shell32

ole32

shlwapi

ws2_32

netapi32

crypt32

wtsapi32

dbghelp

bcrypt

kernel32

wldap32

Sections

.text Size: 4.8MB - Virtual size: 4.8MB

.rdata Size: 1016KB - Virtual size: 1015KB

.data Size: 99KB - Virtual size: 132KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 241KB - Virtual size: 241KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0f:13:b1:c7:f6:71:c7:50:fc:78:16:f8:f4:9d:22:21
Certificate

33:a5:6d:39:ad:e3:16:6f:3f:b5:1f:eb:08:69:44:0d:e9:55:0b:6f
Signer

.text
Size: 4.8MB - Virtual size: 4.8MB

.rdata
Size: 1016KB - Virtual size: 1015KB

.data
Size: 99KB - Virtual size: 132KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 241KB - Virtual size: 241KB