2024-11-21_169c109fcb0c747cfe80734e94fb2324_avoslocker_cobalt-strike_luca-stealer

Sharing

Copy URL

Twitter E-mail

General

Target

2024-11-21_169c109fcb0c747cfe80734e94fb2324_avoslocker_cobalt-strike_luca-stealer
Size

881KB
MD5

169c109fcb0c747cfe80734e94fb2324
SHA1

26f6929fc675f8b63bf7f5837d58e37ed4f0378e
SHA256

7572b7597accdd220bcabdd337c2479d4b1bfc45aca71ef23acd79ad6949499e
SHA512

09199ce9011c0811b3b45834e3c7b87d7323809b381c4e1d327dc6f26d0f9709287f5bc1453ebd8a6a6316e3631e17081b72a59d60a2d6a68e13e02863bc7b4a
SSDEEP

24576:FfXAuZSzePWK2FGkRXwSInFwLAXvcgfah36ZzY:aJzUjXkgfwqZzY

Score

1^/10

Malware Config

Signatures

Files

2024-11-21_169c109fcb0c747cfe80734e94fb2324_avoslocker_cobalt-strike_luca-stealer
.exe windows:6 windows x86 arch:x86

040752030d07cc2c3b967073ba5119de

Code Sign

33:00:00:03:1a:2c:ba:73:4c:c5:c6:2c:9e:00:00:00:00:03:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:29

Not After

03-03-2021 18:29

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:94:02:c4:70:42:ed:44:9f:4f:e4:74:19:c8:6e:9c:3c:e7:03:09:4e:a2:77:fb:f5:d9:8d:df:fa:2a:23:02
Signer

Actual PE Digest

3a:94:02:c4:70:42:ed:44:9f:4f:e4:74:19:c8:6e:9c:3c:e7:03:09:4e:a2:77:fb:f5:d9:8d:df:fa:2a:23:02

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\scvhost\Release\scvhost.pdb

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSectionEx
FindClose
WaitForSingleObject
GetModuleHandleA
OpenProcess
HeapSize
CreateToolhelp32Snapshot
CreateEventW
Sleep
GetTempPathA
FormatMessageW
CopyFileA
GetLastError
Process32NextW
SetEvent
TerminateThread
TlsAlloc
Process32FirstW
InitializeCriticalSectionAndSpinCount
CloseHandle
RaiseException
ResetEvent
HeapAlloc
QueueUserAPC
DecodePointer
GetProcAddress
LocalFree
DeleteCriticalSection
GetProcessHeap
CreateProcessW
WideCharToMultiByte
SleepEx
TlsGetValue
TlsFree
FormatMessageA
IsDebuggerPresent
WriteConsoleW
CreateFileW
SetStdHandle
WaitForMultipleObjects
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
FindNextFileW
EnterCriticalSection
HeapFree
TlsSetValue
HeapReAlloc
FindFirstFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
ReadFile
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
GetCurrentThreadId
GetNativeSystemInfo
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
OutputDebugStringW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
RtlUnwind
InterlockedPushEntrySList
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DeleteFileW
MoveFileExW
SetEndOfFile

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegGetValueA
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

ws2_32

WSAStartup
WSACleanup

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

Sections

.text
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

040752030d07cc2c3b967073ba5119de

Code Sign

33:00:00:03:1a:2c:ba:73:4c:c5:c6:2c:9e:00:00:00:00:03:1aCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

3a:94:02:c4:70:42:ed:44:9f:4f:e4:74:19:c8:6e:9c:3c:e7:03:09:4e:a2:77:fb:f5:d9:8d:df:fa:2a:23:02Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

ws2_32

bcrypt

Sections

.text Size: 552KB - Virtual size: 552KB

.rdata Size: 170KB - Virtual size: 169KB

.data Size: 23KB - Virtual size: 31KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 34KB - Virtual size: 33KB

33:00:00:03:1a:2c:ba:73:4c:c5:c6:2c:9e:00:00:00:00:03:1a
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

3a:94:02:c4:70:42:ed:44:9f:4f:e4:74:19:c8:6e:9c:3c:e7:03:09:4e:a2:77:fb:f5:d9:8d:df:fa:2a:23:02
Signer

.text
Size: 552KB - Virtual size: 552KB

.rdata
Size: 170KB - Virtual size: 169KB

.data
Size: 23KB - Virtual size: 31KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 34KB - Virtual size: 33KB