2024-08-29_811bc5bb876e77d0cbbc5d7092df8ce6_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-29_811bc5bb876e77d0cbbc5d7092df8ce6_avoslocker_cobalt-strike
Size

353KB
MD5

811bc5bb876e77d0cbbc5d7092df8ce6
SHA1

e5dce72eb0b03c1ff296126a63c44c8456c54508
SHA256

9d9edcd743872eb939bf374aa91485a7090e06b3fe4450513d2e805e8631161c
SHA512

9dbdebaf337287a102b72587515668661a9d2ca11c6b708c93bf698da2e1557b6ff322b8c734c6cbb8e22768676c255953c4e5172f200241f6caadb751420713
SSDEEP

6144:eB9+FsHrgF+wQPZ0J0FeGeerkdq3rBlc/6ht8bQsun/iTiflcL8SgHrW6ryWVCaP:eB1gFNQh20FeGeeiq3Nrt8bQsun/R9cM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-29_811bc5bb876e77d0cbbc5d7092df8ce6_avoslocker_cobalt-strike

Files

2024-08-29_811bc5bb876e77d0cbbc5d7092df8ce6_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

8c6d8a4d99eba08289b15d8aca1e9fd9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\bamboo-agent-home\xml-data\build-dir\PGSC-MON63-JOB1\monolith\Build\ProtectorPackaging\Release\LMInstaller.pdb

Imports

kernel32

CreateFileA
GetVolumeInformationA
DeviceIoControl
GetWindowsDirectoryA
SetLastError
GetCurrentProcessId
ReleaseMutex
CreateMutexA
MapViewOfFile
UnmapViewOfFile
OpenMutexA
CreateFileMappingA
OpenFileMappingA
CreateFileW
GetFileSize
ReadFile
WriteFile
CreateMutexW
GetTickCount
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
K32GetProcessImageFileNameW
WriteConsoleW
GetFileAttributesW
FindNextFileW
FindClose
CreateDirectoryW
FormatMessageA
GetTickCount64
WaitForSingleObject
DuplicateHandle
OpenProcess
CloseHandle
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
GetCurrentThreadId
GetLastError
GetCurrentThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
K32EnumProcesses
LocalFree
GetModuleFileNameW
Sleep
GetCurrentProcess
MultiByteToWideChar
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetConsoleCP
LCMapStringW
ReadConsoleW
GetConsoleMode
ExitProcess
GetStdHandle
GetModuleHandleExW
GetFileType
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary

advapi32

RegDeleteKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptGetHashParam
RegSetValueExA
RegSetKeySecurity
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
ImpersonateSelf
GetUserNameW
CryptGenRandom
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextW
RevertToSelf
ImpersonateLoggedOnUser
OpenThreadToken
OpenProcessToken

shell32

SHGetKnownFolderPath

ole32

CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocString
SysFreeString

secur32

GetUserNameExW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pecode
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rrdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c6d8a4d99eba08289b15d8aca1e9fd9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

oleaut32

secur32

iphlpapi

Sections

.text Size: 174KB - Virtual size: 174KB

.pecode Size: 33KB - Virtual size: 32KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 3KB - Virtual size: 7KB

.rrdata Size: 64KB - Virtual size: 64KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 174KB - Virtual size: 174KB

.pecode
Size: 33KB - Virtual size: 32KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 3KB - Virtual size: 7KB

.rrdata
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB