cryptbot | 2024-09-05_5704c682103cd2d8e14567f0a382a93a_avoslocker_cobalt-strike_cryptbot

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-05_5704c682103cd2d8e14567f0a382a93a_avoslocker_cobalt-strike_cryptbot
Size

896KB
MD5

5704c682103cd2d8e14567f0a382a93a
SHA1

10fa94fee212711951b5176bdfd5e6081dd93c68
SHA256

840e0e04268b8983f6d80db9e906358420b5a2a00f793124f1d85e6ca0ed4478
SHA512

fca082dc55eef9e4c6d2d0cbbdf19c1b2cdaa404e293456e08325ff6d252ff27912e6c85194e9bf16e1eef115dfddf89250951cba4d0f1cfefd309aeaa10be42
SSDEEP

24576:EME9lCEUEtlfyKbdkuiXwZ/D1RxwOwlSjUEr8bbOYcgHQP:ENnD7ZkuNh94EQbbPcgHQP

Score

10^/10

cryptbot

Malware Config

Signatures

CryptBot payload 1 IoCs

resource	yara_rule
sample	family_cryptbot

Cryptbot family
cryptbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-05_5704c682103cd2d8e14567f0a382a93a_avoslocker_cobalt-strike_cryptbot

Files

2024-09-05_5704c682103cd2d8e14567f0a382a93a_avoslocker_cobalt-strike_cryptbot
.exe windows:6 windows x86 arch:x86

b75a0e10d09dc263c2f3a47cd7d7c747

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryW
GetModuleFileNameW
GetUserDefaultLocaleName
FindClose
GetLocaleInfoW
LocalAlloc
GetFileAttributesW
MultiByteToWideChar
GetFileAttributesA
CreateFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
HeapAlloc
LocalFree
GetFileSize
GetComputerNameW
GetProcessHeap
GlobalMemoryStatusEx
WideCharToMultiByte
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
VirtualAlloc
CreateFileW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileA
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
DeleteCriticalSection
GetCurrentProcessId
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetFileSizeEx
GetFileInformationByHandle
FileTimeToSystemTime
GetLocalTime
WriteConsoleW
GetConsoleCP
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
DecodePointer
FreeEnvironmentStringsW
WriteFile
FindNextFileW
HeapFree
FindFirstFileW
ExitProcess
Sleep
CreateDirectoryW
CloseHandle
GetTempPathA
GetPrivateProfileStringW
SetFilePointer
ReadFile
FreeLibrary
GetProcAddress
LoadLibraryA
CopyFileW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FormatMessageW
ExpandEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwind
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW

user32

GetWindowDC
wsprintfW
GetDesktopWindow
GetKeyboardLayoutList
GetSystemMetrics
GetWindowRect

gdi32

BitBlt
SaveDC
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDeviceCaps
DeleteDC
RestoreDC
DeleteObject

advapi32

GetUserNameW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteW
SHFileOperationW

crypt32

CryptUnprotectData

gdiplus

GdipSaveImageToFile
GdipGetImageEncodersSize
GdipFree
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipDisposeImage

wininet

HttpSendRequestW
InternetCloseHandle
InternetOpenUrlW
HttpOpenRequestW
InternetConnectW
InternetReadFile
InternetOpenW

Sections

.text
Size: 766KB - Virtual size: 765KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b75a0e10d09dc263c2f3a47cd7d7c747

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

crypt32

gdiplus

wininet

Sections

.text Size: 766KB - Virtual size: 765KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 766KB - Virtual size: 765KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 21KB