2024-08-21_2444158111a7284799a2e025525efeef_avoslocker_hijackloader_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-21_2444158111a7284799a2e025525efeef_avoslocker_hijackloader_revil
Size

1.9MB
MD5

2444158111a7284799a2e025525efeef
SHA1

8331dbebc4fcb789efca2c08c8335b2c074f1606
SHA256

c61c5e949b9ce5144a29058baf42c2332712d5bd53fdb00918ca42a8f60e812b
SHA512

903963e05f5f9e8c0647f930876532edad863d09c608aad614103db3985c8979aa657bae4d4b76078e58093c04689c4610cba2e0d5f69e9f94112403c742e1f1
SSDEEP

49152:gE+xPilAAJfkpgXVT5l2AsQe1650pvpdUIYPBk9UU7n7:gRxPilAQfkpgXV0165mxJ3

Score

1^/10

Malware Config

Signatures

Files

2024-08-21_2444158111a7284799a2e025525efeef_avoslocker_hijackloader_revil
.exe windows:6 windows x86 arch:x86

fbd989b579ed317cfb0af67203036a11

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ff:a7:43:91:2d:b0:94:b0:a2:74:57:b3:71:ee:61
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

29/08/2025, 23:59

Subject

CN=Qustodio Technologies SL,O=Qustodio Technologies SL,L=Barcelona,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:7d:11:50:60:f6:ef:55:ba:59:d0:56:be:48:23:a5:cf:d4:85:38:ce:69:c5:a0:a9:60:36:c4:7b:89:c8:e6
Signer

Actual PE Digest

9d:7d:11:50:60:f6:ef:55:ba:59:d0:56:be:48:23:a5:cf:d4:85:38:ce:69:c5:a0:a9:60:36:c4:7b:89:c8:e6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jenkins\workspace\desktop-pipeline_release_194\client\WindowsInstaller\Release_Static\QustodioInstaller.pdb

Imports

htmlayout

HTMLayoutSetElementInnerText16
HTMLayoutUpdateElement
HTMLayoutSetStyleAttribute
ValueFloatDataSet
HTMLayoutControlGetValue
ValueStringData
ValueStringDataSet
ValueClear
ValueInit
HTMLayoutLoadHtml
HTMLayoutDataReady
HTMLayoutSetCallback
HTMLayoutGetRootElement
HTMLayoutWindowAttachEventHandler
HTMLayoutSetElementInnerText
HTMLayoutControlSetValue
HTMLayoutVisitElements
HTMLayoutGetAttributeByName
HTMLayoutSetAttributeByName
HTMLayout_UnuseElement
HTMLayoutProcND
HTMLayout_UseElement

urlmon

URLDownloadToFileW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathA

kernel32

FindFirstFileW
FindClose
FormatMessageA
TlsAlloc
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateProcessW
GetExitCodeProcess
TlsFree
GetSystemDirectoryW
GetDiskFreeSpaceW
MultiByteToWideChar
OutputDebugStringA
GetCurrentDirectoryW
OutputDebugStringW
AllocConsole
SetLastError
GetTickCount
Sleep
SleepEx
GetVersionExA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
FreeLibrary
GetFileInformationByHandle
LoadLibraryA
ExpandEnvironmentStringsA
GetModuleHandleA
GetModuleHandleW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
SystemTimeToFileTime
GetSystemTime
CreateDirectoryA
GetNativeSystemInfo
GetModuleFileNameW
InitializeCriticalSectionEx
FlushConsoleInputBuffer
GetVersion
GlobalMemoryStatus
QueryPerformanceCounter
DecodePointer
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReadConsoleInputW
SetConsoleMode
SetEndOfFile
GetTimeZoneInformation
SetStdHandle
GetFullPathNameW
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
GetFileSizeEx
HeapFree
GetConsoleOutputCP
ReadConsoleW
WriteFile
LocalFree
FormatMessageW
DeleteFileW
CloseHandle
CreateFileW
GetTempFileNameW
GetTempPathW
GetLastError
WideCharToMultiByte
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
ReadFile
GetProcAddress
GetConsoleMode
SetFilePointerEx
ExitProcess
GetConsoleCP
FreeLibraryAndExitThread
EncodePointer
ExitThread
CreateThread
WriteConsoleW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetConsoleCtrlHandler
LoadLibraryExW
TlsSetValue
TlsGetValue
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetLocaleInfoEx
RaiseException
QueryPerformanceFrequency
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
DeleteCriticalSection
InitOnceComplete
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
IsProcessorFeaturePresent
InitOnceBeginInitialize
GetStringTypeW
WaitForSingleObjectEx
GetExitCodeThread
LCMapStringEx

user32

MessageBoxA
SetForegroundWindow
DestroyWindow
LoadStringW
MessageBoxW
SetTimer
KillTimer
LoadImageW
ShowWindow
PostMessageW
TranslateMessage
DispatchMessageW
LoadAcceleratorsW
TranslateAcceleratorW
LoadCursorW
RegisterClassExW
GetSystemMetrics
CreateWindowExW
ShowScrollBar
UpdateWindow
DialogBoxParamW
DefWindowProcW
GetMessageW
BeginPaint
EndPaint
PostQuitMessage
EndDialog
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCreateKeyExA
RegisterEventSourceA
DeregisterEventSource
RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
ReportEventA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

ole32

CoUninitialize
OleInitialize
CoCreateInstance
CoInitializeEx

oleaut32

VariantChangeType
VariantClear
SysAllocString
SysFreeString
VariantInit

ws2_32

sendto
WSAStartup
WSACleanup
__WSAFDIsSet
select
WSASetLastError
WSAGetLastError
recv
send
bind
ioctlsocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
gethostbyname
accept
listen
recvfrom
closesocket
shutdown

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbd989b579ed317cfb0af67203036a11

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:ff:a7:43:91:2d:b0:94:b0:a2:74:57:b3:71:ee:61Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

9d:7d:11:50:60:f6:ef:55:ba:59:d0:56:be:48:23:a5:cf:d4:85:38:ce:69:c5:a0:a9:60:36:c4:7b:89:c8:e6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

htmlayout

urlmon

shell32

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 397KB - Virtual size: 397KB

.data Size: 51KB - Virtual size: 64KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 69KB - Virtual size: 69KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:ff:a7:43:91:2d:b0:94:b0:a2:74:57:b3:71:ee:61
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9d:7d:11:50:60:f6:ef:55:ba:59:d0:56:be:48:23:a5:cf:d4:85:38:ce:69:c5:a0:a9:60:36:c4:7b:89:c8:e6
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 397KB - Virtual size: 397KB

.data
Size: 51KB - Virtual size: 64KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 69KB - Virtual size: 69KB