2024-08-25_aeea8674b754f22c2c0d225d89c5420e_avoslocker_cobalt-strike_hijackloader | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-25_aeea8674b754f22c2c0d225d89c5420e_avoslocker_cobalt-strike_hijackloader
Size

485KB
MD5

aeea8674b754f22c2c0d225d89c5420e
SHA1

e5a80ebedd898c2ca879461d2998566e3a86a875
SHA256

aac728651155689a18be4ee433f44b106ee128da36c6947d40fcd96d62e5a14c
SHA512

1721cddb61eceab82f53ee7645f82385ea1987c2ed3c007319ec0dbffa67e036bd31b15503d9e51724782ad29fe3fa4a9488608ad5d8100b10e2c8f00a2af1bf
SSDEEP

6144:K7WQ0j4ltziolIGlnE2dFDdrlBu0R+J5JlLgPYfq8ZF02IlLZD70nXe:Ci4lZioxdfu0R+J5JlLgPbD70n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-25_aeea8674b754f22c2c0d225d89c5420e_avoslocker_cobalt-strike_hijackloader

Files

2024-08-25_aeea8674b754f22c2c0d225d89c5420e_avoslocker_cobalt-strike_hijackloader
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ