Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-10_23fc4099e0a2ccb6961e73240011879b_cobalt-strike_megazord.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-05-10_23fc4099e0a2ccb6961e73240011879b_cobalt-strike_megazord.exe
  Resource: win10v2004-20240426-en
General
Target: 2024-05-10_23fc4099e0a2ccb6961e73240011879b_cobalt-strike_megazord
Size: 802KB
MD5: 23fc4099e0a2ccb6961e73240011879b
SHA1: 36b3599593fc55b69902fc6bd6f0e203e452f502
SHA256: 5011fa35577ba98e80be3954e2df4bb5021db7acf53227b9e1f1755c1d051d9b
SHA512: 2cf59a75a14c5ed9d108bb38347567bc148526aa8ebb2ce635f153a70a558a277811d2f57527142c136a65bf21c5a07445f373f089424d3145eebbfcb53f5c9f
SSDEEP: 12288:IpUp1B/m/jf0KS0hyquEdD1sQj9+edZAsReShZl+gqFBceAA:IhfKxqNjMebAqgPBc1
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-05-10_23fc4099e0a2ccb6961e73240011879b_cobalt-strike_megazord
Files
2024-05-10_23fc4099e0a2ccb6961e73240011879b_cobalt-strike_megazord.exe  windows:6 windows x64 arch:x64
  aadef6ea493ea2ecb8110e9aedd1f95a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
QueryPerformanceCounter
QueryPerformanceFrequency
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
GetProcessHeap
HeapReAlloc
GlobalLock
GlobalSize
WideCharToMultiByte
GlobalUnlock
AcquireSRWLockExclusive
WakeAllConditionVariable
SwitchToThread
SleepConditionVariableSRW
WakeConditionVariable
GetSystemInfo
GetModuleHandleA
GetProcAddress
GetCurrentThread
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStdHandle
GetConsoleMode
WaitForSingleObject
WriteConsoleW
SetLastError
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetModuleHandleW
FormatMessageW
GetTempPathW
CreateFileW
GetFileInformationByHandle
Sleep
GetFullPathNameW
SetFilePointerEx
FindNextFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
ExitProcess
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
SetHandleInformation
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
ReadProcessMemory
LocalFree
OpenProcess
VirtualQueryEx
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetTickCount64
GetConsoleOutputCP
FlushFileBuffers
HeapSize
GetComputerNameExW
CloseHandle
FindClose
GetLastError
FindFirstFileW
GetCurrentThreadId
GetFileInformationByHandleEx
HeapFree
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
TerminateProcess
WriteFile
RtlPcToFileHeader
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
EncodePointer
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
RtlVirtualUnwind
ntdll
RtlGetVersion
NtQuerySystemInformation
NtQueryInformationProcess
advapi32
SystemFunction036
LookupAccountSidW
GetTokenInformation
OpenProcessToken
GetUserNameW
iphlpapi
GetIfEntry2
ole32
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
oleaut32
VariantClear
SafeArrayDestroy
SysFreeString
SysAllocString
SysAllocStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
pdh
PdhAddEnglishCounterW
PdhCollectQueryData
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCloseQuery
powrprof
CallNtPowerInformation
psapi
GetPerformanceInfo
GetModuleFileNameExW
shell32
CommandLineToArgvW
user32
OpenClipboard
GetAsyncKeyState
GetWindowTextW
CloseClipboard
GetClipboardData
GetForegroundWindow
ws2_32
WSAGetLastError
getaddrinfo
closesocket
freeaddrinfo
WSACleanup
WSAStartup
recv
WSASocketW
connect
send
bcrypt
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
Sections
.text Size: 541KB - Virtual size: 540KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 233KB - Virtual size: 233KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ