2024-07-26_a43ad921760a9f591a31d1fd1e3e1c5e_cobalt-strike_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-26_a43ad921760a9f591a31d1fd1e3e1c5e_cobalt-strike_megazord
Size

20.7MB
MD5

a43ad921760a9f591a31d1fd1e3e1c5e
SHA1

b0818d58f86366d0ff0bd374faeaa0be7f445376
SHA256

779a904bedd66eb86f0042200cbb9459d58141ff8767558bbc142f15da88825c
SHA512

40d9ba141a8c7166b2b13e6ee62236b8597e62fcda9007d298d3a196bd7ce12ba3f82b483a45e630fb8c5dbcd1cc532acc10be95572be9a87882824d4d2a19f6
SSDEEP

196608:oFUUHj7D+gYJCyjasm/F+0tTI3oVaCy0BG7GOnuUZyu:K7D+g6uYyu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-26_a43ad921760a9f591a31d1fd1e3e1c5e_cobalt-strike_megazord

Files

2024-07-26_a43ad921760a9f591a31d1fd1e3e1c5e_cobalt-strike_megazord
.exe windows:6 windows x64 arch:x64

f36225fafabbbe4ae239ea8b1d26a135

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\ruffle\ruffle\target\x86_64-pc-windows-msvc\release\deps\ruffle_desktop.pdb

Imports

shlwapi

AssocQueryStringW

kernel32

GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
SetLastError
QueryPerformanceCounter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
ReadFile
PostQueuedCompletionStatus
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetQueuedCompletionStatusEx
SetHandleInformation
GetCurrentProcessId
SleepConditionVariableSRW
WaitForMultipleObjectsEx
GetProcessHeap
HeapFree
HeapAlloc
WaitForSingleObject
GetFileInformationByHandle
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
SetThreadErrorMode
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
ReleaseMutex
CreateMutexA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
SetThreadStackGuarantee
SwitchToThread
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
SetFilePointerEx
GetStdHandle
WriteFileEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
WakeAllConditionVariable
Sleep
HeapReAlloc
FindNextFileW
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileType
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
WriteConsoleW
ReadConsoleW
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
OutputDebugStringW
SetEndOfFile
SetStdHandle
GetFileAttributesExW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
GetCommandLineA
WriteFile
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
PeekNamedPipe
GetDriveTypeW
RtlPcToFileHeader
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
EncodePointer
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
FormatMessageW
GetUserPreferredUILanguages
FlushFileBuffers
VirtualProtect
UnmapViewOfFile
DuplicateHandle
GetCurrentProcess
MapViewOfFile
CreateFileMappingW
GetLastError
SetConsoleMode
GetConsoleMode
CreateFileW
lstrlenW
GetSystemInfo
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
SetEvent
CloseHandle
AttachConsole
FreeConsole
ReleaseSRWLockExclusive
RtlUnwind
AcquireSRWLockExclusive
CreateEventA
HeapSize
WakeConditionVariable
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind

ws2_32

WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
setsockopt
WSAIoctl
htons
socket
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
getaddrinfo
getpeername
ioctlsocket
WSASocketW
WSACreateEvent
WSACloseEvent
send
getsockopt
closesocket
freeaddrinfo

crypt32

CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertGetNameStringA
CertFindExtension
CryptDecodeObjectEx
CertFindCertificateInStore
CertFreeCertificateChain
CertGetEnhancedKeyUsage
CryptStringToBinaryA
CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
PFXImportCertStore
CertOpenStore
CertCloseStore

user32

GetKeyState
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
SystemParametersInfoA
GetClipboardData
RegisterWindowMessageA
RegisterRawInputDevices
ShowWindow
SetWindowLongW
GetSystemMenu
EnableMenuItem
GetWindowLongW
AdjustWindowRectEx
SetWindowTextW
MapVirtualKeyW
SendInput
SetForegroundWindow
GetDC
GetActiveWindow
ClipCursor
GetClipCursor
ShowCursor
GetWindowRect
ClientToScreen
DestroyIcon
SendMessageW
CreateIcon
OpenClipboard
MsgWaitForMultipleObjectsEx
IsClipboardFormatAvailable
SetCapture
ReleaseCapture
GetClientRect
MessageBoxW
SetWindowPlacement
RegisterClipboardFormatW
ValidateRect
SetWindowLongPtrW
DestroyWindow
RedrawWindow
PostMessageW
GetWindowPlacement
ChangeDisplaySettingsExW
GetWindowLongPtrW
DispatchMessageW
TranslateMessage
GetMessageW
MapVirtualKeyA
CreateWindowExW
RegisterClassExW
InvalidateRgn
SetWindowDisplayAffinity
GetRawInputData
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterTouchWindow
GetSystemMetrics
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
CloseTouchInputHandle
GetTouchInputInfo
SetCursor
LoadCursorW
TrackMouseEvent
MonitorFromRect
GetMenu
ScreenToClient
IsProcessDPIAware
GetUpdateRect
DefWindowProcW
PeekMessageW
EnumDisplayMonitors
PostThreadMessageW

ole32

RegisterDragDrop
RevokeDragDrop
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
OleInitialize

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

advapi32

RegQueryValueExW
CryptAcquireContextA
CryptReleaseContext
RegOpenKeyExW
CryptGetHashParam
CryptCreateHash
CryptDestroyHash
SystemFunction036
CryptHashData

shell32

SHGetKnownFolderPath
DragQueryFileW
SHCreateItemFromParsingName
DragFinish

bcrypt

BCryptGenRandom

oleaut32

GetErrorInfo
SysStringLen
SysFreeString

winmm

timeBeginPeriod
timeGetDevCaps
timeEndPeriod

imm32

ImmGetCompositionStringW
ImmSetCandidateWindow
ImmReleaseContext
ImmAssociateContextEx
ImmGetContext

uxtheme

SetWindowTheme

d3dcompiler_47

D3DCompile

ntdll

RtlNtStatusToDosError
NtWriteFile
NtReadFile

Sections

.text
Size: 15.5MB - Virtual size: 15.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f36225fafabbbe4ae239ea8b1d26a135

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

ws2_32

crypt32

user32

ole32

gdi32

dwmapi

advapi32

shell32

bcrypt

oleaut32

winmm

imm32

uxtheme

d3dcompiler_47

ntdll

Sections

.text Size: 15.5MB - Virtual size: 15.5MB

.rdata Size: 4.8MB - Virtual size: 4.8MB

.data Size: 18KB - Virtual size: 60KB

.pdata Size: 257KB - Virtual size: 256KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 123KB - Virtual size: 122KB

.zero Size: 8KB - Virtual size: 4KB

.text
Size: 15.5MB - Virtual size: 15.5MB

.rdata
Size: 4.8MB - Virtual size: 4.8MB

.data
Size: 18KB - Virtual size: 60KB

.pdata
Size: 257KB - Virtual size: 256KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 123KB - Virtual size: 122KB

.zero
Size: 8KB - Virtual size: 4KB