2024-08-24_f2bb743cdea968b1451e4a5a319256ea_avoslocker_cobalt-strike_hijackloader | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-24_f2bb743cdea968b1451e4a5a319256ea_avoslocker_cobalt-strike_hijackloader
Size

485KB
MD5

f2bb743cdea968b1451e4a5a319256ea
SHA1

97038d884bb1a406b0781960976ead2bc2969345
SHA256

d139507c6c86147debaab272e4ef6387572b305a9fb7af1d418cb18de52e8ca9
SHA512

cd53b62067015b606f5f9669a3ff0a35f8fb4446f1ca4d5f51fab35f408a38f9b8e45e576c270012afe58bcc5af8f6de5db778e0ab0b4e2f1c163453d4159501
SSDEEP

6144:K7WQ0j4ltziolIGlnE2dFD/rlBu0R+J5JlLgPYfq8ZF02IlLZDAK0nXe:Ci4lZiox/fu0R+J5JlLgPbDR0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-24_f2bb743cdea968b1451e4a5a319256ea_avoslocker_cobalt-strike_hijackloader

Files

2024-08-24_f2bb743cdea968b1451e4a5a319256ea_avoslocker_cobalt-strike_hijackloader
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ