2024-09-03_fec4dd4efdf265d6a027ee5b9e32e499_avoslocker_cobalt-strike_hijackloader | Triage

Sharing

General

Target

2024-09-03_fec4dd4efdf265d6a027ee5b9e32e499_avoslocker_cobalt-strike_hijackloader
Size

485KB
MD5

fec4dd4efdf265d6a027ee5b9e32e499
SHA1

ef1916c7e96e33c7594699e508a3717fdaf2ba12
SHA256

9aba0e4154512346ca5830f4999f6d8e74f0b1d363cd2156577123c3f3491c7e
SHA512

fb7ba89dc223468d1cde3c8013304e520482d2d76527b49c84af8da52f28f961bf02108b74c894c8ed4d1169b2280d314cfa1dbb1278890298474dab95b9ebab
SSDEEP

6144:C7WQ0j4ltziolIGlnE2dFDRrlBu0R+J5JlLgPYfq8ZF02IlLZDd0nXe:qi4lZioxRfu0R+J5JlLgPbDd0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-03_fec4dd4efdf265d6a027ee5b9e32e499_avoslocker_cobalt-strike_hijackloader

Files

2024-09-03_fec4dd4efdf265d6a027ee5b9e32e499_avoslocker_cobalt-strike_hijackloader
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ