2024-09-15_2828403342f1c81e7797d21b0e94b797_avoslocker_cobalt-strike_hijackloader | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-15_2828403342f1c81e7797d21b0e94b797_avoslocker_cobalt-strike_hijackloader
Size

485KB
MD5

2828403342f1c81e7797d21b0e94b797
SHA1

d27c6468de696e049ddf668738f277edeee02aae
SHA256

7c463ad0efc0e1ffbb9b1a25123b49a0adec9b76d995f5f100dd7a6eefa565d1
SHA512

820e60afc5ad8bb9bab1e7620664fec20dd81a1b67d6603c09c045659d73217a00a2c38feb7f14abc4071b05699e945ce270864d42a11fa7948100d33cadee53
SSDEEP

6144:K7WQ0j4ltziolIGlnE2dFDGrlBu0R+J5JlLgPYfq8ZF02IlLZDr0nXe:Ci4lZioxGfu0R+J5JlLgPbDr0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-15_2828403342f1c81e7797d21b0e94b797_avoslocker_cobalt-strike_hijackloader

Files

2024-09-15_2828403342f1c81e7797d21b0e94b797_avoslocker_cobalt-strike_hijackloader
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ