2024-07-23_c3a74f59a59742fd02d483f5d5bbe6b9_cobalt-strike_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-23_c3a74f59a59742fd02d483f5d5bbe6b9_cobalt-strike_megazord
Size

2.5MB
MD5

c3a74f59a59742fd02d483f5d5bbe6b9
SHA1

b90c1def2395b8ec51248b1350322784bbb43a16
SHA256

3c832637dc3005d90c4f6ce98eb708a61c34e4975cde92bc8eb64d3393ca0d41
SHA512

8febcf959a021b6d99e46e44f38a3ce870e6b1d5a6dfc511df900089a570497f9acaa3bd24acfee0e8122ec492fa37b48c73f24672b370516e1861c3f4bd3788
SSDEEP

24576:g/JqiJVQChs2ZskoackqqZqpjHKXU96MkjPElQgFJpXzSaHZbWU:OJVQWslkqqGjHKXJMBQgFJpXO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-23_c3a74f59a59742fd02d483f5d5bbe6b9_cobalt-strike_megazord

Files

2024-07-23_c3a74f59a59742fd02d483f5d5bbe6b9_cobalt-strike_megazord
.exe windows:6 windows x64 arch:x64

e3222f5a803bfae199bdf257c3e28de0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
EventWrite
EventRegister
EventEnabled
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW

bcrypt

BCryptGenRandom

kernel32

TlsFree
TlsSetValue
GetCPInfoExW
SetLastError
GetConsoleMode
GetLastError
GetFileType
ReadFile
ReadConsoleW
WriteFile
WriteConsoleW
GetConsoleOutputCP
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetCalendarInfoEx
CompareStringOrdinal
CompareStringEx
FindNLSStringEx
GetLocaleInfoEx
ResolveLocaleName
GetUserPreferredUILanguages
FindStringOrdinal
GetTickCount64
GetCurrentProcessorNumber
GetCurrentProcess
GetCurrentThread
Sleep
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
WaitForMultipleObjectsEx
GetFullPathNameW
GetLongPathNameW
LocalAlloc
GetProcAddress
RaiseFailFastException
LocaleNameToLCID
LCMapStringEx
EnumTimeFormatsEx
EnumCalendarInfoExEx
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FreeLibrary
GetFileAttributesExW
GetSystemDirectoryW
LoadLibraryExW
SetThreadErrorMode
DuplicateHandle
GetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
CloseHandle
SetEvent
CreateEventExW
GetEnvironmentVariableW
FormatMessageW
CreateProcessW
ResumeThread
FlushProcessWriteBuffers
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
WaitForSingleObjectEx
VirtualQuery
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
TerminateProcess
SwitchToThread
CreateThread
SetThreadPriority
SuspendThread
GetThreadContext
SetThreadContext
VirtualAlloc
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
ResetEvent
DebugBreak
WaitForSingleObject
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead
GetCurrentProcessId
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

ole32

CoUninitialize
CoCreateGuid
CoTaskMemFree
CoWaitForMultipleHandles
CoGetApartmentType
CoInitializeEx
CoTaskMemAlloc

user32

LoadStringW

api-ms-win-crt-math-l1-1-0

ceil
cos
floor
pow
__setusermatherr
modf
tan
sin

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
calloc
_callnewh

api-ms-win-crt-string-l1-1-0

strncpy_s
_stricmp
wcsncmp
strcmp
strcpy_s
_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_exit
abort
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
terminate
__p___argc
_crt_atexit
exit
_register_onexit_function
_seh_filter_exe
_set_app_type
_initterm_e
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
_set_fmode
__p__commode
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 461KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 933KB - Virtual size: 932KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 927KB - Virtual size: 926KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3222f5a803bfae199bdf257c3e28de0

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

kernel32

ole32

user32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 461KB - Virtual size: 461KB

.managed Size: 933KB - Virtual size: 932KB

.rdata Size: 927KB - Virtual size: 926KB

.data Size: 99KB - Virtual size: 153KB

.pdata Size: 84KB - Virtual size: 84KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 53KB - Virtual size: 52KB

.text
Size: 461KB - Virtual size: 461KB

.managed
Size: 933KB - Virtual size: 932KB

.rdata
Size: 927KB - Virtual size: 926KB

.data
Size: 99KB - Virtual size: 153KB

.pdata
Size: 84KB - Virtual size: 84KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 53KB - Virtual size: 52KB