2024-08-18_366e4b3f0cdbf9ce796893fd57fbdc63_cobalt-strike_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-18_366e4b3f0cdbf9ce796893fd57fbdc63_cobalt-strike_megazord
Size

13.4MB
MD5

366e4b3f0cdbf9ce796893fd57fbdc63
SHA1

79d2c4ef43a665bcb850ea6fe5c78d838f9336ac
SHA256

1f175423569b8163e5d0061bf3b0f8ab1fd5c045a1d6fcc5dfb5e09ce34bbaf5
SHA512

75837a86e72575d82103c3257f21aefef0906cdd3619314b5dd3b0306a90a7299c78cfb922161ded5453029198e86b3d169fddd310cb7430a0029790d790d29a
SSDEEP

98304:Q01pQu0wwi0hEzX53VfKmTBK4E5PSL0VfTau9G6TS0je0AtLVi+U1IoGyuSaNV4E:QgQFwnRTr0Vf7S0e0AxsfzO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-18_366e4b3f0cdbf9ce796893fd57fbdc63_cobalt-strike_megazord

Files

2024-08-18_366e4b3f0cdbf9ce796893fd57fbdc63_cobalt-strike_megazord
.exe windows:6 windows x64 arch:x64

2106cd1c6dbcdcb15c526b0d599e80d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\dprint\dprint\target\x86_64-pc-windows-msvc\release\deps\dprint.pdb

Imports

kernel32

RtlVirtualUnwind
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
lstrlenW
ReleaseSRWLockShared
TryAcquireSRWLockShared
GetFileInformationByHandle
TryAcquireSRWLockExclusive
AcquireSRWLockShared
SleepConditionVariableSRW
RtlAddFunctionTable
RtlDeleteFunctionTable
GetSystemInfo
GetCurrentProcess
DuplicateHandle
VirtualProtect
FlushFileBuffers
VirtualFree
AddVectoredExceptionHandler
SetThreadStackGuarantee
VirtualAlloc
GetNativeSystemInfo
VirtualQuery
ReleaseMutex
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
Sleep
WaitForMultipleObjects
SetConsoleCursorInfo
FindFirstFileExW
GetConsoleOutputCP
GetStdHandle
CreateFileW
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleW
ReadConsoleInputW
GetNumberOfConsoleInputEvents
GetFileType
GetFileInformationByHandleEx
MultiByteToWideChar
WaitForSingleObject
WideCharToMultiByte
GetModuleHandleA
SetStdHandle
GetStringTypeW
ReleaseSRWLockExclusive
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
GetLastError
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
AcquireSRWLockExclusive
GetCommandLineW
SetFileInformationByHandle
SetFilePointerEx
CreateDirectoryW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineA
GetCurrentProcessId
WriteFile
GetModuleHandleExW
SetHandleInformation
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
FindNextFileW
FindFirstFileW
DeleteFileW
MoveFileExW
SetFileAttributesW
GetFinalPathNameByHandleW
CreateEventW
ReadFile
GetOverlappedResult
CancelIo
LoadLibraryExW
FreeLibrary
TlsFree
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
ReadConsoleW
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
EncodePointer
OpenProcess
RaiseException
RtlPcToFileHeader
RtlUnwindEx
CloseHandle
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
HeapSize

advapi32

SystemFunction036
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW

ws2_32

ioctlsocket
send
getpeername
getsockopt
setsockopt
WSAGetLastError
freeaddrinfo
WSACleanup
WSAStartup
WSASocketW
getaddrinfo
connect
select
WSASend
WSARecv
getsockname
closesocket
recv

crypt32

CertVerifyTimeValidity
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetEnhancedKeyUsage

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

user32

ToUnicodeEx
GetForegroundWindow
GetWindowThreadProcessId
GetKeyboardLayout

bcrypt

BCryptGenRandom

Sections

.text
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2106cd1c6dbcdcb15c526b0d599e80d4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ws2_32

crypt32

shell32

ole32

user32

bcrypt

Sections

.text Size: 9.9MB - Virtual size: 9.9MB

.rdata Size: 3.0MB - Virtual size: 3.0MB

.data Size: 7KB - Virtual size: 13KB

.pdata Size: 429KB - Virtual size: 428KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 51KB - Virtual size: 51KB

.text
Size: 9.9MB - Virtual size: 9.9MB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 7KB - Virtual size: 13KB

.pdata
Size: 429KB - Virtual size: 428KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 51KB - Virtual size: 51KB