2024-07-24_979756555dd08720a1c16f74833e4dda_cobalt-strike_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-24_979756555dd08720a1c16f74833e4dda_cobalt-strike_megazord
Size

2.6MB
MD5

979756555dd08720a1c16f74833e4dda
SHA1

1a9f0cfa2bd65ef5340f1b3a8e0ab84ccb133748
SHA256

907e28bd739007f7cb92c4774891b50ea82e32e9494b69546ebbefa7ccd09f68
SHA512

7a70863a81bede218308fd41c9fba69cced453d50e1514c4bd84d3dbd0892359638f65c5475d583cdfd8ab6a872004750ce8b13e5c8ff18eb11ffcf6b72f6d98
SSDEEP

24576:cTSrsH9Ob1Pl+JCb7aQN8GD3PDQMhihGl/Qva1ElQgFJUUAf4y1WOlwtdEv1:vQH9O1DOQLzDQ/MVVcQgFJU14yg9u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-24_979756555dd08720a1c16f74833e4dda_cobalt-strike_megazord

Files

2024-07-24_979756555dd08720a1c16f74833e4dda_cobalt-strike_megazord
.exe windows:6 windows x64 arch:x64

737ec23a02dd2ac2750f08c7024a83f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
EventWrite
EventRegister
EventEnabled
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW

bcrypt

BCryptGenRandom

kernel32

TlsFree
TlsSetValue
MultiByteToWideChar
GetStdHandle
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetCalendarInfoEx
CompareStringOrdinal
CompareStringEx
FindNLSStringEx
GetLocaleInfoEx
ResolveLocaleName
GetUserPreferredUILanguages
FindStringOrdinal
GetTickCount64
GetCurrentProcessorNumber
GetCurrentProcess
GetCurrentThread
WaitForSingleObject
Sleep
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
WaitForMultipleObjectsEx
GetLastError
SetLastError
GetFullPathNameW
GetLongPathNameW
WideCharToMultiByte
LocalAlloc
GetConsoleOutputCP
GetProcAddress
RaiseFailFastException
LocaleNameToLCID
LCMapStringEx
EnumTimeFormatsEx
EnumCalendarInfoExEx
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FreeLibrary
GetFileAttributesExW
GetSystemDirectoryW
LoadLibraryExW
QueryUnbiasedInterruptTime
SetThreadErrorMode
CreateThread
ResumeThread
DuplicateHandle
GetThreadPriority
SetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
WriteFile
CloseHandle
SetEvent
ResetEvent
CreateEventExW
GetEnvironmentVariableW
FormatMessageW
CreateProcessW
FlushProcessWriteBuffers
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
WaitForSingleObjectEx
VirtualQuery
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
TerminateProcess
SwitchToThread
SuspendThread
GetThreadContext
SetThreadContext
VirtualAlloc
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead
GetCurrentProcessId
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

ole32

CoUninitialize
CoCreateGuid
CoTaskMemFree
CoWaitForMultipleHandles
CoGetApartmentType
CoInitializeEx
CoTaskMemAlloc

user32

LoadStringW

api-ms-win-crt-math-l1-1-0

ceil
cos
floor
pow
__setusermatherr
modf
tan
sin

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
calloc
_callnewh

api-ms-win-crt-string-l1-1-0

strncpy_s
_stricmp
wcsncmp
strcmp
strcpy_s
_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_exit
abort
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
terminate
__p___argc
_crt_atexit
exit
_register_onexit_function
_seh_filter_exe
_set_app_type
_initterm_e
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
_set_fmode
__p__commode
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 463KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 959KB - Virtual size: 958KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 962KB - Virtual size: 962KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

737ec23a02dd2ac2750f08c7024a83f3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

kernel32

ole32

user32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 463KB - Virtual size: 462KB

.managed Size: 959KB - Virtual size: 958KB

.rdata Size: 962KB - Virtual size: 962KB

.data Size: 104KB - Virtual size: 159KB

.pdata Size: 87KB - Virtual size: 87KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 463KB - Virtual size: 462KB

.managed
Size: 959KB - Virtual size: 958KB

.rdata
Size: 962KB - Virtual size: 962KB

.data
Size: 104KB - Virtual size: 159KB

.pdata
Size: 87KB - Virtual size: 87KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 56KB - Virtual size: 55KB