2024-06-25_7c95241d51417eab1a7bcae479eaad77_megazord

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-25_7c95241d51417eab1a7bcae479eaad77_megazord
Size

6.8MB
MD5

7c95241d51417eab1a7bcae479eaad77
SHA1

233674c2af6212e8482ae915e9f7066941492d52
SHA256

a35148a30464b90ecb3477d8d67cfbdcd15163159bb449685405c78264ffd045
SHA512

cf8d5f15519a4abab1bc11d8cc17efeb3629c34f815c7796d85f61d56f1269184841c8891d16bc455fb3187959fe745c25fcc8daf1ef1986607ff85799b0309f
SSDEEP

98304:HTaBxX1nMGpph5vOoOkRbNHr7LN7oTa+YYEZ3:NGmoDJh7x0H

Score

10^/10

Malware Config

Signatures

Detects executables Discord URL observed in first stage droppers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_DiscordURL

Detects executables containing commands for clearing Windows Event Logs 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_ClearWinLogs

Detects executables embedding anti-forensic artifacts of deleting Windows Recent Items 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_DeleteRecentItems

Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-25_7c95241d51417eab1a7bcae479eaad77_megazord

Files

2024-06-25_7c95241d51417eab1a7bcae479eaad77_megazord
.exe windows:6 windows x64 arch:x64

b60e15f54bf7a13b8ce7f64190111dfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHCreateItemFromParsingName
DragFinish
SHAppBarMessage
ShellExecuteW
DragQueryFileW
CommandLineToArgvW
SHGetKnownFolderPath

ole32

CoTaskMemAlloc
RevokeDragDrop
RegisterDragDrop
OleInitialize
CreateStreamOnHGlobal
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemFree

kernel32

GetLogicalProcessorInformation
GetSystemInfo
GetQueuedCompletionStatusEx
lstrlenW
WaitNamedPipeW
CreateFileW
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryExA
GetCurrentProcess
SetEvent
WaitForSingleObject
CreateEventW
SetHandleInformation
HeapReAlloc
SetEnvironmentVariableW
GetCurrentThread
ReleaseSRWLockExclusive
GetStdHandle
GetConsoleMode
GetModuleHandleW
MultiByteToWideChar
WriteConsoleW
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetEnvironmentVariableW
InitializeSListHead
GetTempPathW
GetModuleFileNameW
GetCommandLineW
GetFileInformationByHandle
GetFileInformationByHandleEx
SetThreadStackGuarantee
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
AddVectoredExceptionHandler
CopyFileExW
HeapAlloc
DisconnectNamedPipe
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateIoCompletionPort
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
CancelIo
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
MoveFileExW
SetFileInformationByHandle
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
FlushFileBuffers
ReadFile
ConnectNamedPipe
ReadProcessMemory
IsDebuggerPresent
UnhandledExceptionFilter
OpenProcess
SetUnhandledExceptionFilter
VirtualQueryEx
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
GetTickCount64
GetProcessHeap
CreateNamedPipeW
GetNamedPipeClientProcessId
GetLogicalDrives
TlsFree
IsProcessorFeaturePresent
TerminateProcess
RtlUnwindEx
GetCurrentThreadId
GetLastError
GlobalMemoryStatusEx
SetFileCompletionNotificationModes
GetNamedPipeServerProcessId
SetFileAttributesW
TryAcquireSRWLockExclusive
Sleep
SetFilePointerEx
CloseHandle
GetModuleHandleA
SwitchToThread
AcquireSRWLockExclusive
HeapFree
RtlPcToFileHeader
RaiseException
WideCharToMultiByte
EncodePointer
LoadLibraryExW
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
TlsAlloc
TlsGetValue
WriteFile
PostQueuedCompletionStatus
TlsSetValue
WakeAllConditionVariable
SleepConditionVariableSRW
DeleteProcThreadAttributeList
WakeConditionVariable

user32

EnumChildWindows
ShowWindow
PostQuitMessage
SetMenuItemInfoW
DefWindowProcW
RegisterClassExW
DestroyIcon
DestroyAcceleratorTable
AdjustWindowRectEx
GetMenu
GetWindowLongW
InvalidateRgn
SetWindowPos
RegisterWindowMessageA
GetCursorPos
SetCursorPos
GetForegroundWindow
FlashWindowEx
ReleaseCapture
CreateAcceleratorTableW
IsProcessDPIAware
ChangeDisplaySettingsExW
SetWindowPlacement
GetAsyncKeyState
RegisterTouchWindow
MapVirtualKeyExW
IsWindow
SetWindowDisplayAffinity
GetKeyState
GetKeyboardState
TrackMouseEvent
EnumDisplayMonitors
MonitorFromPoint
IsWindowVisible
ScreenToClient
GetKeyboardLayout
IsIconic
GetWindowPlacement
SystemParametersInfoA
SetCapture
GetTouchInputInfo
SetMenu
CheckMenuItem
ShowCursor
CloseTouchInputHandle
ClipCursor
GetSystemMetrics
ToUnicodeEx
GetMonitorInfoW
SetWindowTextW
GetWindowTextLengthW
GetClipCursor
GetWindowTextW
GetActiveWindow
PostThreadMessageW
GetMessageW
DispatchMessageA
TranslateMessage
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
PostMessageW
GetMessageA
LoadCursorW
SetWindowLongW
SendMessageW
EnableMenuItem
GetSystemMenu
GetAncestor
GetDC
VkKeyScanW
AppendMenuW
TranslateAcceleratorW
ClientToScreen
GetWindowRect
SetForegroundWindow
MonitorFromRect
CreateWindowExW
SetWindowLongPtrW
RegisterRawInputDevices
CreateMenu
MonitorFromWindow
SetCursor
AllowSetForegroundWindow
SendInput
CreateIcon
GetClientRect
DestroyWindow
GetWindowLongPtrW
MapVirtualKeyW
GetUpdateRect
ValidateRect
GetRawInputData
RedrawWindow

comctl32

DefSubclassProc
RemoveWindowSubclass
TaskDialogIndirect
SetWindowSubclass

oleaut32

SysFreeString
SysStringLen
GetErrorInfo
SysAllocStringLen
SysAllocString
VariantClear
SafeArrayUnaccessData
SafeArrayGetLBound
SetErrorInfo
SafeArrayGetUBound
SafeArrayAccessData

advapi32

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
CredWriteW
CredReadW
CredDeleteW
CredFree
RegEnumValueW
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
RegSetValueExW
RegDeleteValueW
IsValidSid
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
GetLengthSid
CopySid
SystemFunction036

dxgi

CreateDXGIFactory

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

bcrypt

BCryptGenRandom

ws2_32

WSASend
WSASocketW
ioctlsocket
connect
getsockopt
WSAIoctl
setsockopt
getpeername
getaddrinfo
freeaddrinfo
WSACleanup
closesocket
getsockname
recv
WSAGetLastError
bind
shutdown
send
WSAStartup

ntdll

NtQueryInformationProcess
NtReadFile
NtWriteFile
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtQuerySystemInformation
RtlGetVersion

crypt32

CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateChain
CertDuplicateStore
CertDuplicateCertificateContext
CertCloseStore
CertFreeCertificateContext

secur32

DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
FreeContextBuffer
InitializeSecurityContextW
QueryContextAttributesW
DecryptMessage
ApplyControlToken
AcquireCredentialsHandleA
AcceptSecurityContext
LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer

userenv

GetUserProfileDirectoryW

psapi

GetPerformanceInfo
GetModuleFileNameExW

iphlpapi

GetAdaptersAddresses
FreeMibTable
GetIfTable2
GetIfEntry2

netapi32

NetUserGetInfo
NetApiBufferFree
NetUserGetLocalGroups
NetUserEnum

pdh

PdhAddEnglishCounterW
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhCollectQueryData

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

api-ms-win-crt-string-l1-1-0

strcpy_s
wcslen
wcsncmp
strlen
_wcsicmp

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
free
_set_new_mode
malloc
calloc

api-ms-win-crt-math-l1-1-0

trunc
floor
pow
round
__setusermatherr

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_wassert
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_register_onexit_function
_cexit
_configure_narrow_argv
_initialize_narrow_environment
_crt_atexit
_invalid_parameter_noinfo_noreturn
terminate
_set_app_type
__p___argv
abort
_initialize_onexit_table
_c_exit
__p___argc
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b60e15f54bf7a13b8ce7f64190111dfe

Headers

DLL Characteristics

File Characteristics

Imports

shell32

ole32

kernel32

user32

comctl32

oleaut32

advapi32

dxgi

setupapi

bcrypt

ws2_32

ntdll

crypt32

secur32

userenv

psapi

iphlpapi

netapi32

pdh

powrprof

uxtheme

gdi32

dwmapi

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

msvcp140

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 3.7MB - Virtual size: 3.7MB

.data Size: 1024B - Virtual size: 12KB

.pdata Size: 67KB - Virtual size: 66KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 35KB - Virtual size: 34KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 3.7MB - Virtual size: 3.7MB

.data
Size: 1024B - Virtual size: 12KB

.pdata
Size: 67KB - Virtual size: 66KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 35KB - Virtual size: 34KB