2024-09-02_d8cc467739bb28ee0a10f2e3379b7f0e_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-02_d8cc467739bb28ee0a10f2e3379b7f0e_avoslocker_cobalt-strike
Size

891KB
MD5

d8cc467739bb28ee0a10f2e3379b7f0e
SHA1

0655c13f5b59d14e996574a7828b7ae55357c354
SHA256

03d26eb6f9de143846ae74ce98c25d2a4956d840e5d1fd3bd08103d32212af24
SHA512

b5a74b089cf589c24123994e77276ee6d0124d2b6f99e1813e435d854c1fb857823eb27dc65b4bc24c9092ed8f500fc2360a51a28ad8b1ee66f84fd2f61fc602
SSDEEP

24576:ju1UVRXnz/Pa6C4mHvc1OL7phys4kTuIVBg1E:juiza6C4moOL794kiYgq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-02_d8cc467739bb28ee0a10f2e3379b7f0e_avoslocker_cobalt-strike

Files

2024-09-02_d8cc467739bb28ee0a10f2e3379b7f0e_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

504e33b81dd1bdfab0cc6bff3736427c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
MapViewOfFile
UnmapViewOfFile
OpenMutexA
CreateFileMappingA
OpenFileMappingA
FileTimeToLocalFileTime
GetSystemTime
SystemTimeToFileTime
FlushFileBuffers
SetFilePointerEx
FormatMessageW
GetFileInformationByHandle
ReleaseSemaphore
CreateSemaphoreW
IsProcessorFeaturePresent
GetSystemInfo
GetVersion
VirtualAlloc
VirtualFree
GetModuleHandleA
GlobalMemoryStatus
GetProcessAffinityMask
VerSetConditionMask
VerifyVersionInfoW
GetGeoInfoW
GetUserGeoID
GetUserDefaultUILanguage
OutputDebugStringW
GetPrivateProfileStringW
CreateFileA
GetVolumeInformationA
DeviceIoControl
GetWindowsDirectoryA
K32GetProcessImageFileNameW
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
LCMapStringW
CompareStringW
GetStdHandle
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
MoveFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
DuplicateHandle
GetPrivateProfileSectionNamesW
GetProcAddress
OpenProcess
SetFileAttributesW
GetCurrentDirectoryW
TerminateThread
FormatMessageA
GetThreadPreferredUILanguages
ResetEvent
lstrcmpW
MulDiv
GlobalLock
GlobalUnlock
GlobalAlloc
GetTickCount64
LoadLibraryA
FreeLibrary
CopyFileW
GetFileSizeEx
GetFileAttributesW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
CreateProcessW
GetExitCodeProcess
SetLastError
K32EnumProcesses
LocalFree
GetModuleFileNameW
IsWow64Process
GetVersionExW
GetCurrentProcess
GetTempPathW
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
ReleaseMutex
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CloseHandle
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileSize
CreateFileW
CreateDirectoryW
FindNextFileW
RemoveDirectoryW
CreateMutexW
GetCurrentThreadId
SetEvent
DeleteFileW
DecodePointer
InitializeCriticalSectionEx
GetLastError
RaiseException
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCPInfo
GetStringTypeW
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
InitializeCriticalSection
FindClose
FindFirstFileW
Sleep
FindFirstFileExW

user32

EndPaint
BeginPaint
ReleaseDC
GetDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
TranslateMessage
AdjustWindowRectEx
ClientToScreen
ScreenToClient
GetSysColor
FillRect
GetWindowLongW
SetWindowLongW
GetDesktopWindow
GetParent
GetMenu
MsgWaitForMultipleObjectsEx
MessageBoxW
GetSystemMetrics
GetKeyState
PostThreadMessageW
RegisterWindowMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
IsChild
DestroyWindow
MoveWindow
SetWindowPos
GetDlgItem
CharNextW
GetClassNameW
SetFocus
GetFocus
SetCapture
ReleaseCapture
CreateAcceleratorTableW
PeekMessageW
UnregisterClassW
DispatchMessageW
GetClientRect
GetWindow
LoadCursorW
DestroyAcceleratorTable

gdi32

CreateCompatibleBitmap
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
BitBlt

advapi32

GetAclInformation
RegDeleteKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
CryptGenRandom
RegSetKeySecurity
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
ImpersonateSelf
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
RevertToSelf
GetUserNameW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorDacl
MakeSelfRelativeSD
MakeAbsoluteSD
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetLengthSid
GetAce
CopySid
AddAce

shell32

SHGetKnownFolderPath
SHGetFolderPathW
SHChangeNotify

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CoAddRefServerProcess
CoReleaseServerProcess
CoGetClassObject
CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemAlloc

oleaut32

VariantChangeType
CreateDispTypeInfo
DispGetIDsOfNames
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect

shlwapi

PathFileExistsW

secur32

GetUserNameExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetQueryOptionA
InternetGetLastResponseInfoA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA

rpcrt4

UuidCreate

iphlpapi

GetAdaptersInfo

crypt32

CryptVerifyMessageSignature
CertNameToStrW
CertFreeCertificateContext

imagehlp

ImageEnumerateCertificates
ImageGetCertificateHeader
ImageGetCertificateData

wintrust

WinVerifyTrust

Sections

.text
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pecode
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

504e33b81dd1bdfab0cc6bff3736427c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

secur32

version

wininet

rpcrt4

iphlpapi

crypt32

imagehlp

wintrust

Sections

.text Size: 478KB - Virtual size: 478KB

.pecode Size: 16KB - Virtual size: 16KB

.rdata Size: 166KB - Virtual size: 165KB

.data Size: 4KB - Virtual size: 18KB

.rsrc Size: 197KB - Virtual size: 197KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 478KB - Virtual size: 478KB

.pecode
Size: 16KB - Virtual size: 16KB

.rdata
Size: 166KB - Virtual size: 165KB

.data
Size: 4KB - Virtual size: 18KB

.rsrc
Size: 197KB - Virtual size: 197KB

.reloc
Size: 27KB - Virtual size: 27KB