2024-08-05_cac19c6a270ef40e45f296c2c5fb2857_avoslocker_cobalt-strike_hijackloader | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-05_cac19c6a270ef40e45f296c2c5fb2857_avoslocker_cobalt-strike_hijackloader
Size

485KB
MD5

cac19c6a270ef40e45f296c2c5fb2857
SHA1

3e80a49253f79a2c425fa6d55cedaae5350b95e5
SHA256

196ef860a883a6dca6c204a0999dd7ab03431747c2feaf4b0acdc80191b5c1d5
SHA512

8a33b99b391d59289a916e1287151367f707116fa2101dfe053ce5875ac46eec0fab1dc3d3dab2651347fc53ad1e3c62dce5a6eb8188f85f7c150e6c38115c0c
SSDEEP

6144:K7WQ0j4ltziolIGlnE2dFDsrlBu0R+J5JlLgPYfq8ZF02IlLZDE0nXe:Ci4lZioxsfu0R+J5JlLgPbDE0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-05_cac19c6a270ef40e45f296c2c5fb2857_avoslocker_cobalt-strike_hijackloader

Files

2024-08-05_cac19c6a270ef40e45f296c2c5fb2857_avoslocker_cobalt-strike_hijackloader
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ