2024-08-18_863358a1ecb6ab964b7e2a220d7ab7e4_cobalt-strike_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-18_863358a1ecb6ab964b7e2a220d7ab7e4_cobalt-strike_megazord
Size

14.6MB
MD5

863358a1ecb6ab964b7e2a220d7ab7e4
SHA1

4a8203215b7f3fb017266790e3c92bf26e3aac5e
SHA256

7241c04d44d6ea1536bae267f41bc62f61a65ad8229bf2af68068760ab64f604
SHA512

cb0226badd9badc29710fcfce227a67e63d0af705bd45bf6ac3f3e74ca0bff4216a8a98866a98037711c155ba69851a6bfd0f3b85b10ed5839a672f0446a87b8
SSDEEP

98304:Lv5IvIBlzVqMXMph7RQrmOvit/TuF+eJRjgavZeYruB2RxR8Y10ZH+R6GgydN9cz:LxIvIjzVdvi+jguZp8Y1GHGNPL+9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-18_863358a1ecb6ab964b7e2a220d7ab7e4_cobalt-strike_megazord

Files

2024-08-18_863358a1ecb6ab964b7e2a220d7ab7e4_cobalt-strike_megazord
.exe windows:6 windows x64 arch:x64

fcf81e81536443db0a68fec129555671

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\dprint\dprint\target\x86_64-pc-windows-msvc\release\deps\dprint.pdb

Imports

kernel32

RtlVirtualUnwind
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
lstrlenW
GetFileInformationByHandleEx
LockFileEx
UnlockFile
GetCurrentProcess
DuplicateHandle
SetFileInformationByHandle
ReleaseSRWLockShared
TryAcquireSRWLockShared
GetFileInformationByHandle
TryAcquireSRWLockExclusive
AcquireSRWLockShared
SleepConditionVariableSRW
RtlDeleteFunctionTable
RtlAddFunctionTable
GetSystemInfo
VirtualProtect
FlushFileBuffers
AddVectoredExceptionHandler
SetThreadStackGuarantee
VirtualFree
VirtualAlloc
GetNativeSystemInfo
VirtualQuery
ReleaseMutex
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
Sleep
WaitForMultipleObjects
SetConsoleCursorInfo
FindFirstFileExW
GetConsoleOutputCP
GetModuleHandleA
GetStdHandle
CreateFileW
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
MultiByteToWideChar
ReadConsoleInputW
GetNumberOfConsoleInputEvents
GetFileType
WideCharToMultiByte
SetStdHandle
GetStringTypeW
OpenProcess
WaitForSingleObject
GetConsoleMode
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
GetLastError
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
ReleaseSRWLockExclusive
GetCommandLineW
SetFilePointerEx
CreateDirectoryW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineA
GetCurrentProcessId
WriteFile
GetModuleHandleExW
SetHandleInformation
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
FindNextFileW
FindFirstFileW
DeleteFileW
MoveFileExW
SetFileAttributesW
GetFinalPathNameByHandleW
CreateEventW
ReadFile
GetOverlappedResult
CancelIo
LoadLibraryExW
FreeLibrary
TlsFree
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
ReadConsoleW
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
EncodePointer
WriteConsoleW
RaiseException
RtlPcToFileHeader
RtlUnwindEx
CloseHandle
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
HeapSize

advapi32

SystemFunction036
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey

ws2_32

ioctlsocket
send
getpeername
getsockopt
setsockopt
WSAGetLastError
freeaddrinfo
WSACleanup
WSAStartup
WSASocketW
getaddrinfo
connect
select
WSASend
WSARecv
getsockname
closesocket
recv

crypt32

CertVerifyTimeValidity
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetEnhancedKeyUsage

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

user32

ToUnicodeEx
GetForegroundWindow
GetWindowThreadProcessId
GetKeyboardLayout

bcrypt

BCryptGenRandom

Sections

.text
Size: 10.8MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 488KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcf81e81536443db0a68fec129555671

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ws2_32

crypt32

shell32

ole32

user32

bcrypt

Sections

.text Size: 10.8MB - Virtual size: 10.8MB

.rdata Size: 3.2MB - Virtual size: 3.2MB

.data Size: 7KB - Virtual size: 13KB

.pdata Size: 488KB - Virtual size: 488KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 53KB - Virtual size: 53KB

.text
Size: 10.8MB - Virtual size: 10.8MB

.rdata
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 7KB - Virtual size: 13KB

.pdata
Size: 488KB - Virtual size: 488KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 53KB - Virtual size: 53KB