2024-08-23_291fa155e291a3170e837a815142d9a1_avoslocker_cobalt-strike_hijackloader | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-23_291fa155e291a3170e837a815142d9a1_avoslocker_cobalt-strike_hijackloader
Size

485KB
MD5

291fa155e291a3170e837a815142d9a1
SHA1

6a20d7e256f3161ab4db24d6a7481e9702d56ffa
SHA256

9abc0cde773cbea4564a4cbf78b5a04a23ae59fb8ce735b8e6b5a81e7c40cd2b
SHA512

fd9f3f4c71471d8c657de72e960821384a978f2e10eae3ab04b1ddd089ad38faa4f12fdb81180cd96a71454ac6918ce42ae2bc88dd556b722e74217c47154000
SSDEEP

6144:K7WQ0j4ltziolIGlnE2dFDDrlBu0R+J5JlLgPYfq8ZF02IlLZDF0nXe:Ci4lZioxDfu0R+J5JlLgPbDF0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-23_291fa155e291a3170e837a815142d9a1_avoslocker_cobalt-strike_hijackloader

Files

2024-08-23_291fa155e291a3170e837a815142d9a1_avoslocker_cobalt-strike_hijackloader
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ