2024-08-23_5a837bd6ff7fb88fb1e65fad5fe83012_avoslocker_cobalt-strike_hijackloader | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-23_5a837bd6ff7fb88fb1e65fad5fe83012_avoslocker_cobalt-strike_hijackloader
Size

485KB
MD5

5a837bd6ff7fb88fb1e65fad5fe83012
SHA1

41eb9b321c53836cf443943663090443ff31221b
SHA256

63d42fbde024c2b775f1f7a6306545ccd4ce4f130111e4a224ba0d722a59e7b2
SHA512

b3a3599aa36e0fdf5adcc046dc123264f7e3f4785f7bffd360211ab46d263604702542392babdfcb503dd2be2bb33d14ac6241b329029104034453cd7df30e41
SSDEEP

6144:K7WQ0j4ltziolIGlnE2dFDqrlBu0R+J5JlLgPYfq8ZF02IlLZDU0nXe:Ci4lZioxqfu0R+J5JlLgPbDU0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-23_5a837bd6ff7fb88fb1e65fad5fe83012_avoslocker_cobalt-strike_hijackloader

Files

2024-08-23_5a837bd6ff7fb88fb1e65fad5fe83012_avoslocker_cobalt-strike_hijackloader
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ