2024-08-18_73f1361b76411d5edf6403f6bbd93d30_cobalt-strike_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-18_73f1361b76411d5edf6403f6bbd93d30_cobalt-strike_megazord
Size

13.5MB
MD5

73f1361b76411d5edf6403f6bbd93d30
SHA1

1ad671a444ea11f497ee7ccb3b99503219896996
SHA256

64aa3baa06ac3e97a80bf65995e182c13bbd109c000814aba428a9a9d1700f7d
SHA512

e05727911761e5cdee2d6d7eb1bff94b4f8e09e7fe6671a9a8b46603f4630aaad91c91aa932ffc85489aa4d0bb097da3fc1b432ce131b9b0c72f6ae9d6b4c167
SSDEEP

98304:nLUua/JfJ48dAFZbzhunCpvUNVbdhn1jKDUAuigX0zsInhY6Rgm3kETlA+olBQQl:o5fi8dfFTbdBjX0Q66m3kI2vvC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-18_73f1361b76411d5edf6403f6bbd93d30_cobalt-strike_megazord

Files

2024-08-18_73f1361b76411d5edf6403f6bbd93d30_cobalt-strike_megazord
.exe windows:6 windows x64 arch:x64

78fe64e6dcb1f0d11d5700902c7ccc16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\dprint\dprint\target\x86_64-pc-windows-msvc\release\deps\dprint.pdb

Imports

kernel32

RtlVirtualUnwind
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
lstrlenW
GetFileInformationByHandleEx
LockFileEx
UnlockFile
GetCurrentProcess
DuplicateHandle
SetFileInformationByHandle
ReleaseSRWLockShared
TryAcquireSRWLockShared
GetFileInformationByHandle
TryAcquireSRWLockExclusive
AcquireSRWLockShared
SleepConditionVariableSRW
RtlAddFunctionTable
RtlDeleteFunctionTable
GetSystemInfo
VirtualProtect
FlushFileBuffers
VirtualFree
AddVectoredExceptionHandler
SetThreadStackGuarantee
VirtualAlloc
GetNativeSystemInfo
VirtualQuery
ReleaseMutex
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
Sleep
WaitForMultipleObjects
SetConsoleCursorInfo
FindFirstFileExW
GetConsoleOutputCP
GetStdHandle
CreateFileW
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleW
MultiByteToWideChar
GetNumberOfConsoleInputEvents
GetFileType
OpenProcess
WaitForSingleObject
WideCharToMultiByte
GetModuleHandleA
SetStdHandle
GetStringTypeW
ReleaseSRWLockExclusive
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
GetLastError
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
AcquireSRWLockExclusive
GetCommandLineW
SetFilePointerEx
CreateDirectoryW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineA
GetCurrentProcessId
WriteFile
GetModuleHandleExW
SetHandleInformation
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
FindNextFileW
FindFirstFileW
DeleteFileW
MoveFileExW
SetFileAttributesW
GetFinalPathNameByHandleW
CreateEventW
ReadFile
GetOverlappedResult
CancelIo
LoadLibraryExW
FreeLibrary
TlsFree
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
ReadConsoleW
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
EncodePointer
ReadConsoleInputW
RaiseException
RtlPcToFileHeader
RtlUnwindEx
CloseHandle
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
HeapSize

advapi32

SystemFunction036
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW

ws2_32

ioctlsocket
send
getpeername
getsockopt
setsockopt
WSAGetLastError
freeaddrinfo
WSACleanup
WSAStartup
WSASocketW
getaddrinfo
connect
select
WSASend
WSARecv
getsockname
closesocket
recv

crypt32

CertVerifyTimeValidity
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetEnhancedKeyUsage

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

user32

ToUnicodeEx
GetForegroundWindow
GetWindowThreadProcessId
GetKeyboardLayout

bcrypt

BCryptGenRandom

Sections

.text
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 433KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78fe64e6dcb1f0d11d5700902c7ccc16

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ws2_32

crypt32

shell32

ole32

user32

bcrypt

Sections

.text Size: 10.0MB - Virtual size: 10.0MB

.rdata Size: 3.0MB - Virtual size: 3.0MB

.data Size: 7KB - Virtual size: 13KB

.pdata Size: 433KB - Virtual size: 433KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 51KB - Virtual size: 51KB

.text
Size: 10.0MB - Virtual size: 10.0MB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 7KB - Virtual size: 13KB

.pdata
Size: 433KB - Virtual size: 433KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 51KB - Virtual size: 51KB