2024-09-13_8ea762dee1b2d4c5f3ca947ecad1dea7_avoslocker_cobalt-strike_hijackloader | Triage

Sharing

General

Target

2024-09-13_8ea762dee1b2d4c5f3ca947ecad1dea7_avoslocker_cobalt-strike_hijackloader
Size

485KB
MD5

8ea762dee1b2d4c5f3ca947ecad1dea7
SHA1

51444a92c3436596cbe75c53d1c362822b4a37ef
SHA256

e1d4a48950194f06535117629bbcd27796c11c86eed5dce5b2d3ae6469e2a25b
SHA512

cd1882da4f24ac9112818bec5f2e70671606873d8de9a83f9706cd480c09384b0035693ad68b296af2a03c8fe56bcc31e6a2bb5eefd7c486712d36cb94bb3c93
SSDEEP

6144:K7WQ0j4ltziolIGlnE2dFD5rlBu0R+J5JlLgPYfq8ZF02IlLZDC0nXe:Ci4lZiox5fu0R+J5JlLgPbDC0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-13_8ea762dee1b2d4c5f3ca947ecad1dea7_avoslocker_cobalt-strike_hijackloader

Files

2024-09-13_8ea762dee1b2d4c5f3ca947ecad1dea7_avoslocker_cobalt-strike_hijackloader
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ