2024-07-27_1aa7dd6062af92924a8364a50b894d09_cobalt-strike_megazord_poet-rat

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-27_1aa7dd6062af92924a8364a50b894d09_cobalt-strike_megazord_poet-rat
Size

6.6MB
MD5

1aa7dd6062af92924a8364a50b894d09
SHA1

7c3a32b30c1825fa69f98d5cada024cce1654ac2
SHA256

60b9f48725e22fd61d156bcd446c26b953107e3deca328856322c2c91ea0c3b8
SHA512

8ffc3eeb0a6c2bd0d495e467cf499fc3f43e8b2d66bbe92360d81509665278e7e7a52c050538a96c96242472666e5ce6ef519a1def9ebe94e1560192f6dbb6eb
SSDEEP

98304:j7ZBflIF040no+adQtZ5EgvBHlu4No+4SrtomfTYFNUWTEgiElgUO:JBflUrdQlrvtlu49xamrYn/TEj+gUO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-27_1aa7dd6062af92924a8364a50b894d09_cobalt-strike_megazord_poet-rat

Files

2024-07-27_1aa7dd6062af92924a8364a50b894d09_cobalt-strike_megazord_poet-rat
.exe windows:6 windows x64 arch:x64

5037aecc407caf1f7431f4e78fe1031b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

X:\repos\Mnemonic2EVM\bin\Release\net9.0-windows\win-x64\native\Mnemonic2EVM.pdb

Imports

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges

bcrypt

BCryptGetProperty
BCryptGenRandom
BCryptDestroyHash
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
CancelThreadpoolIo
CloseHandle
CloseThreadpoolIo
CloseThreadpoolWork
CompareStringEx
CompareStringOrdinal
CreateDirectoryW
CreateEventExW
CreateFileW
CreateIoCompletionPort
CreateThread
CreateThreadpoolIo
CreateThreadpoolWork
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoExEx
EnumTimeFormatsEx
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNLSStringEx
FindStringOrdinal
FlushFileBuffers
FormatMessageW
FreeLibrary
GetCPInfoExW
GetCalendarInfoEx
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumberEx
GetCurrentThread
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoEx
GetLongPathNameW
GetModuleFileNameW
GetOverlappedResult
GetProcAddress
GetProcessId
GetStdHandle
GetSystemTime
GetThreadPriority
GetTickCount64
InitializeConditionVariable
InitializeCriticalSection
IsDebuggerPresent
K32EnumProcesses
LCMapStringEx
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
LocalFree
LocaleNameToLCID
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseFailFastException
ReadConsoleW
ReadFile
ResetEvent
ResolveLocaleName
ResumeThread
SetConsoleMode
SetConsoleTitleW
SetEvent
SetFileInformationByHandle
SetLastError
SetPriorityClass
SetThreadErrorMode
SetThreadPriority
Sleep
SleepConditionVariableCS
StartThreadpoolIo
SubmitThreadpoolWork
SystemTimeToFileTime
VirtualAlloc
VirtualFree
WaitForMultipleObjectsEx
WaitForSingleObject
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
FlushProcessWriteBuffers
WaitForSingleObjectEx
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
RtlUnwindEx
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
InitializeSListHead

ole32

CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles
CoGetApartmentType

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil
pow

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
calloc
_callnewh

api-ms-win-crt-string-l1-1-0

wcsncmp
strncpy_s
strcmp
strcpy_s
_stricmp

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm_e
_crt_atexit
_register_onexit_function
_initialize_onexit_table
abort
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
__p___argc
_exit
exit
_initialize_wide_environment
_seh_filter_exe
_set_app_type
_initterm
_configure_wide_argv
_get_initial_wide_environment

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf_s
__stdio_common_vsscanf
_set_fmode
__stdio_common_vfprintf
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

hydrated
Size: - Virtual size: 778KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5037aecc407caf1f7431f4e78fe1031b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

bcrypt

kernel32

ole32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 458KB - Virtual size: 458KB

.managed Size: 1.4MB - Virtual size: 1.4MB

hydrated Size: - Virtual size: 778KB

.rdata Size: 4.6MB - Virtual size: 4.6MB

.data Size: 9KB - Virtual size: 75KB

.pdata Size: 111KB - Virtual size: 111KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 458KB - Virtual size: 458KB

.managed
Size: 1.4MB - Virtual size: 1.4MB

hydrated
Size: - Virtual size: 778KB

.rdata
Size: 4.6MB - Virtual size: 4.6MB

.data
Size: 9KB - Virtual size: 75KB

.pdata
Size: 111KB - Virtual size: 111KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB