2024-07-23_134d3320f170b4e87e88b066217f4e56_cobalt-strike_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-23_134d3320f170b4e87e88b066217f4e56_cobalt-strike_megazord
Size

2.6MB
MD5

134d3320f170b4e87e88b066217f4e56
SHA1

6f8a4d0ea95712fc22ce379b6312fe5f782ec73b
SHA256

71136ffc627e3a538fd3dc8dc59cd4d264756fdb9fd8b37db5be14c516c79205
SHA512

ce373f8061cedc2df594317f2c4c3060854f9bd42b49cbb27182756da94b2024a2feeee6ed40cf4dd2418a81ce53e543c54bd1b8d93898c107cac70166c09bd0
SSDEEP

49152:+X4A+Uk4t9iwZmb0FZpOf64KAvgQgFJpXXHY27B:LPOm124e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-23_134d3320f170b4e87e88b066217f4e56_cobalt-strike_megazord

Files

2024-07-23_134d3320f170b4e87e88b066217f4e56_cobalt-strike_megazord
.exe windows:6 windows x64 arch:x64

dd6477296ccda73596a4236779d18ec1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
EventWrite
EventRegister
EventEnabled
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW

bcrypt

BCryptGenRandom

kernel32

TlsFree
TlsSetValue
GetCPInfoExW
SetLastError
GetConsoleMode
GetLastError
GetFileType
ReadFile
ReadConsoleW
WriteFile
WriteConsoleW
GetConsoleCP
GetConsoleOutputCP
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetCalendarInfoEx
CompareStringOrdinal
CompareStringEx
FindNLSStringEx
GetLocaleInfoEx
ResolveLocaleName
GetUserPreferredUILanguages
FindStringOrdinal
GetTickCount64
GetCurrentProcessorNumber
GetCurrentProcess
GetCurrentThread
Sleep
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
WaitForMultipleObjectsEx
GetFullPathNameW
GetLongPathNameW
LocalAlloc
GetProcAddress
RaiseFailFastException
LocaleNameToLCID
LCMapStringEx
EnumTimeFormatsEx
EnumCalendarInfoExEx
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FreeLibrary
GetFileAttributesExW
GetSystemDirectoryW
LoadLibraryExW
SetThreadErrorMode
DuplicateHandle
GetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
CloseHandle
SetEvent
CreateEventExW
GetEnvironmentVariableW
FormatMessageW
CreateProcessW
ResumeThread
FlushProcessWriteBuffers
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
WaitForSingleObjectEx
VirtualQuery
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
TerminateProcess
SwitchToThread
CreateThread
SetThreadPriority
SuspendThread
GetThreadContext
SetThreadContext
VirtualAlloc
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
ResetEvent
DebugBreak
WaitForSingleObject
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead
GetCurrentProcessId
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

ole32

CoUninitialize
CoCreateGuid
CoTaskMemFree
CoWaitForMultipleHandles
CoGetApartmentType
CoInitializeEx
CoTaskMemAlloc

user32

LoadStringW

api-ms-win-crt-math-l1-1-0

ceil
cos
floor
pow
__setusermatherr
modf
tan
sin

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
calloc
_callnewh

api-ms-win-crt-string-l1-1-0

strncpy_s
_stricmp
wcsncmp
strcmp
strcpy_s
_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_exit
abort
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
terminate
__p___argc
_crt_atexit
exit
_register_onexit_function
_seh_filter_exe
_set_app_type
_initterm_e
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
_set_fmode
__p__commode
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 461KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 937KB - Virtual size: 936KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 930KB - Virtual size: 929KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd6477296ccda73596a4236779d18ec1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

kernel32

ole32

user32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 461KB - Virtual size: 461KB

.managed Size: 937KB - Virtual size: 936KB

.rdata Size: 930KB - Virtual size: 929KB

.data Size: 100KB - Virtual size: 153KB

.pdata Size: 85KB - Virtual size: 84KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 133KB - Virtual size: 132KB

.reloc Size: 53KB - Virtual size: 52KB

.text
Size: 461KB - Virtual size: 461KB

.managed
Size: 937KB - Virtual size: 936KB

.rdata
Size: 930KB - Virtual size: 929KB

.data
Size: 100KB - Virtual size: 153KB

.pdata
Size: 85KB - Virtual size: 84KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 133KB - Virtual size: 132KB

.reloc
Size: 53KB - Virtual size: 52KB