2024-09-07_76fc20fb4777f98f260e1c155fec7dc4_avoslocker_cobalt-strike_hijackloader | Triage

Sharing

General

Target

2024-09-07_76fc20fb4777f98f260e1c155fec7dc4_avoslocker_cobalt-strike_hijackloader
Size

485KB
MD5

76fc20fb4777f98f260e1c155fec7dc4
SHA1

4723e9ff6db20b1994b87b84cb0edf3c0a358ee7
SHA256

53629603cef09920ba1dfeb16fcddf1b441dde3fca9f42eb4c3538f5ece1f443
SHA512

10858d7b908bb1f9ded6a3522aa0942c7ef258875f1d7a2b7fbd99d6f0c2e67a863c437fc9b6353576d22507414d84bc7801ff592b857142790ae97e6a3fb9c9
SSDEEP

6144:K7WQ0j4ltziolIGlnE2dFD3rlBu0R+J5JlLgPYfq8ZF02IlLZDv0nXe:Ci4lZiox3fu0R+J5JlLgPbDv0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-07_76fc20fb4777f98f260e1c155fec7dc4_avoslocker_cobalt-strike_hijackloader

Files

2024-09-07_76fc20fb4777f98f260e1c155fec7dc4_avoslocker_cobalt-strike_hijackloader
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ