2024-09-11_d69adbee8636480e1bbbc4bc868a3bd7_avoslocker_cobalt-strike

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-11_d69adbee8636480e1bbbc4bc868a3bd7_avoslocker_cobalt-strike
Size

426KB
MD5

d69adbee8636480e1bbbc4bc868a3bd7
SHA1

24f2ccef0ffec19bd55b9d010df448b21fd69cbd
SHA256

f4f6d9f1854dc0d26bbbb63621f5b243e69e243a98c1bd99d9619e9ada912268
SHA512

434c6f144d665f40b3f2cf53f3f49caa3ef39ccecbc1ff92184e46e9c0d4bc478d53046db648217b2dc74cb3629e3304df2ecd7c5b1856b11d258c1c8500d5a9
SSDEEP

12288:+XqGDjGzNw1LfXw/ale8dwcBdw9baKbl2esiJ1dJXS1F0gNK1wR13+sWN6Uaf3kd:+XqwtG/SX5CFFEr7Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-11_d69adbee8636480e1bbbc4bc868a3bd7_avoslocker_cobalt-strike

Files

2024-09-11_d69adbee8636480e1bbbc4bc868a3bd7_avoslocker_cobalt-strike
.exe windows:6 windows x86 arch:x86

c81829edbfafa3849a652d1b318f41a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetGetConnectedState
InternetAttemptConnect
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionA
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW

shlwapi

PathFileExistsW

user32

OpenClipboard
SetClipboardData
GetClipboardData
TranslateMessage
GetMessageW
GetKeyboardLayout
DispatchMessageW
CloseClipboard
GetWindowTextW
EmptyClipboard
SetProcessDPIAware
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
IsClipboardFormatAvailable
GetDC
GetForegroundWindow
GetKeyboardState
GetAsyncKeyState
GetKeyState
ToUnicodeEx

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetKnownFolderPath
ShellExecuteExW

rstrtmgr

RmRegisterResources
RmGetList
RmEndSession
RmStartSession
RmShutdown

crypt32

CryptUnprotectData

gdi32

DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
GetDeviceCaps
SelectObject

gdiplus

GdipFree
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders

kernel32

GetACP
IsValidCodePage
FindFirstFileExW
OutputDebugStringW
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapReAlloc
GetOEMCP
HeapFree
WriteFile
WriteConsoleW
GetFileType
GetStdHandle
QueryPerformanceFrequency
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RtlUnwind
RaiseException
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize
HeapAlloc
GetModuleHandleW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileSize
GetFileSizeEx
ReadFile
CloseHandle
GetLastError
SetLastError
WaitForSingleObject
CreateMutexA
Sleep
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CreateThread
FreeLibrary
GetModuleFileNameW
SetEndOfFile
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalUnlock
GlobalLock
SetThreadExecutionState
CopyFileW
MoveFileExW
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW

Sections

.text
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c81829edbfafa3849a652d1b318f41a0

Headers

DLL Characteristics

File Characteristics

Imports

wininet

shlwapi

user32

shell32

rstrtmgr

crypt32

gdi32

gdiplus

kernel32

Sections

.text Size: 334KB - Virtual size: 333KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 5KB - Virtual size: 15KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 334KB - Virtual size: 333KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 5KB - Virtual size: 15KB

.reloc
Size: 17KB - Virtual size: 16KB