2024-08-19_10e4328a1c60f7ba788ed0901f2cceda_cobalt-strike_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-19_10e4328a1c60f7ba788ed0901f2cceda_cobalt-strike_megazord
Size

13.4MB
MD5

10e4328a1c60f7ba788ed0901f2cceda
SHA1

db8633a86c56e9c1370a1ca7c17f84e9b3c867b8
SHA256

37c63ef859acb62f880af88aee2b6cd325840de79dbbca9853298474c3f7e0a2
SHA512

f342e39b40465e2b94f41aefaceaa565eef7334d62301c5c56eb30393c0dbccde740b331c5d24d7fa4f13705d493eb96ef614d561c08578c56e163b07e0766f4
SSDEEP

98304:cEUHfAoObdh2y2p6LGkKmxF99/uSuMveXjFK7xEaUH5CfhIF/4+R1AT7wKg7HZIv:yHfA0aFKm3WXjeYZCfhC/4G3C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-19_10e4328a1c60f7ba788ed0901f2cceda_cobalt-strike_megazord

Files

2024-08-19_10e4328a1c60f7ba788ed0901f2cceda_cobalt-strike_megazord
.exe windows:6 windows x64 arch:x64

78fe64e6dcb1f0d11d5700902c7ccc16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\dprint\dprint\target\x86_64-pc-windows-msvc\release\deps\dprint.pdb

Imports

kernel32

RtlVirtualUnwind
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
lstrlenW
GetFileInformationByHandleEx
LockFileEx
UnlockFile
GetCurrentProcess
DuplicateHandle
SetFileInformationByHandle
ReleaseSRWLockShared
TryAcquireSRWLockShared
GetFileInformationByHandle
TryAcquireSRWLockExclusive
AcquireSRWLockShared
SleepConditionVariableSRW
RtlAddFunctionTable
RtlDeleteFunctionTable
GetSystemInfo
VirtualProtect
FlushFileBuffers
VirtualFree
AddVectoredExceptionHandler
SetThreadStackGuarantee
VirtualAlloc
GetNativeSystemInfo
VirtualQuery
ReleaseMutex
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
Sleep
WaitForMultipleObjects
SetConsoleCursorInfo
FindFirstFileExW
GetConsoleOutputCP
GetStdHandle
CreateFileW
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleW
MultiByteToWideChar
GetNumberOfConsoleInputEvents
GetFileType
OpenProcess
WaitForSingleObject
WideCharToMultiByte
GetModuleHandleA
SetStdHandle
GetStringTypeW
ReleaseSRWLockExclusive
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
GetLastError
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
AcquireSRWLockExclusive
GetCommandLineW
SetFilePointerEx
CreateDirectoryW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineA
GetCurrentProcessId
WriteFile
GetModuleHandleExW
SetHandleInformation
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
FindNextFileW
FindFirstFileW
DeleteFileW
MoveFileExW
SetFileAttributesW
GetFinalPathNameByHandleW
CreateEventW
ReadFile
GetOverlappedResult
CancelIo
LoadLibraryExW
FreeLibrary
TlsFree
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
ReadConsoleW
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
EncodePointer
ReadConsoleInputW
RaiseException
RtlPcToFileHeader
RtlUnwindEx
CloseHandle
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
HeapSize

advapi32

SystemFunction036
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW

ws2_32

ioctlsocket
send
getpeername
getsockopt
setsockopt
WSAGetLastError
freeaddrinfo
WSACleanup
WSAStartup
WSASocketW
getaddrinfo
connect
select
WSASend
WSARecv
getsockname
closesocket
recv

crypt32

CertVerifyTimeValidity
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetEnhancedKeyUsage

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

user32

ToUnicodeEx
GetForegroundWindow
GetWindowThreadProcessId
GetKeyboardLayout

bcrypt

BCryptGenRandom

Sections

.text
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78fe64e6dcb1f0d11d5700902c7ccc16

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ws2_32

crypt32

shell32

ole32

user32

bcrypt

Sections

.text Size: 10.0MB - Virtual size: 10.0MB

.rdata Size: 3.0MB - Virtual size: 3.0MB

.data Size: 7KB - Virtual size: 13KB

.pdata Size: 432KB - Virtual size: 431KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 51KB - Virtual size: 51KB

.text
Size: 10.0MB - Virtual size: 10.0MB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 7KB - Virtual size: 13KB

.pdata
Size: 432KB - Virtual size: 431KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 51KB - Virtual size: 51KB