2024-09-06_0c3a38e0d9dcaa39a077fb7c7fe4e53f_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-06_0c3a38e0d9dcaa39a077fb7c7fe4e53f_avoslocker_cobalt-strike
Size

508KB
MD5

0c3a38e0d9dcaa39a077fb7c7fe4e53f
SHA1

3e7fa5a24419eac15b8c9b507df85f98dcde6a0b
SHA256

7edddd73fe646e72da9614d8ed919f66fed35ea22d29a2b8565f69d7acdd8cee
SHA512

f6db08d401d6dd1256530886e6ec4ad6f08c11e4611b91f423c68aa95dc161c971acb42ce80ac92f8abff363d13cfab8ee7be9348d38bc6c5ea0d47a49997e57
SSDEEP

12288:C66pD4C87t8NU+pHu5aLumWQMEi6h/t3zMzWIKbWlH6NzYfioxkvwIa0b:A7Nl/t3zMzLKb5MH3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-06_0c3a38e0d9dcaa39a077fb7c7fe4e53f_avoslocker_cobalt-strike

Files

2024-09-06_0c3a38e0d9dcaa39a077fb7c7fe4e53f_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

12e3aede0d6af843de3053968482257e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\ttol\bin\mudadm\mudadm.pdb

Imports

advapi32

CheckTokenMembership
FreeSid
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
AllocateAndInitializeSid

dbghelp

SymInitialize
SymFromAddr

iphlpapi

GetAdaptersInfo
GetIpForwardTable

user32

MessageBoxA

winhttp

WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpSetOption
WinHttpOpen

ws2_32

inet_ntop
WSAGetLastError
WSAStartup
shutdown
setsockopt
bind
send
connect
inet_ntoa
inet_addr
htonl
ioctlsocket
closesocket
WSASetLastError
listen
select
socket
getaddrinfo
freeaddrinfo
getpeername
getsockname
ntohs
getnameinfo
sendto
__WSAFDIsSet
recv

kernel32

ReadConsoleW
HeapSize
GetTimeZoneInformation
GetProcessHeap
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
HeapReAlloc
WideCharToMultiByte
DeleteFileW
MultiByteToWideChar
CreatePipe
GetFileAttributesExW
GetExitCodeProcess
DecodePointer
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
SetConsoleCtrlHandler
OutputDebugStringW
GetCommandLineW
GetCommandLineA
SetCurrentDirectoryA
CreateFileA
ReadFile
GetTempPathA
GetTempFileNameA
CloseHandle
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetVersionExA
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
GetProcAddress
LoadLibraryA
LocalFree
FormatMessageA
CreateFileMappingA
OpenFileMappingA
DuplicateHandle
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
GetCurrentThread
GetThreadPriority
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemTime
CreateSemaphoreA
SystemTimeToFileTime
ExpandEnvironmentStringsA
CreateProcessA
RtlCaptureStackBackTrace
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteFile
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
CreateProcessW
CreateThread
ExitThread
FreeLibraryAndExitThread
ExitProcess
CreateFileW

Sections

.text
Size: 414KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12e3aede0d6af843de3053968482257e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

dbghelp

iphlpapi

user32

winhttp

ws2_32

kernel32

Sections

.text Size: 414KB - Virtual size: 414KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 33KB - Virtual size: 41KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 414KB - Virtual size: 414KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 33KB - Virtual size: 41KB

.reloc
Size: 14KB - Virtual size: 13KB