PDB path: qdehasher.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-08-25_31b59a3cbc77f7b7555b8bb5651e720c_cobalt-strike_megazord.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 2024-08-25_31b59a3cbc77f7b7555b8bb5651e720c_cobalt-strike_megazord.exe
  Resource: win10v2004-20240802-en
General
- Target: 2024-08-25_31b59a3cbc77f7b7555b8bb5651e720c_cobalt-strike_megazord
- Size: 2.6MB
- MD5: 31b59a3cbc77f7b7555b8bb5651e720c
- SHA1: d6701c9276181d48303ca5e92c5157473ca3e96d
- SHA256: 15e4762660c2ac831475cc714ab0f5fd0ce7e9b0888970b0a9444e1ffb2c72de
- SHA512: 4436f8af50b5798aa43d165dfb1caf4665ff508ef879ab089cbebd6af4fd27584c99614e88dcd8d893aac743c25d3eff7059634f33db0a9d328d9941b8551381
- SSDEEP: 49152:hxydofAcYonTUhL8yErXEu9H8ayRqHuk0I17d/V:KdoffYJagJtI171V
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 2024-08-25_31b59a3cbc77f7b7555b8bb5651e720c_cobalt-strike_megazord
Files
- 2024-08-25_31b59a3cbc77f7b7555b8bb5651e720c_cobalt-strike_megazord.exe  windows:6 windows x64 arch:x64
  98e6cfd887e05e407c9fd8688c28e805
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
qdehasher.pdb
Imports
api-ms-win-core-synch-l1-2-0
WakeByAddressAll
WaitOnAddress
WakeByAddressSingle
bcryptprimitives
ProcessPrng
kernel32
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
SetConsoleMode
SwitchToThread
SetFilePointerEx
GetConsoleOutputCP
FlushFileBuffers
SetLastError
GetFinalPathNameByHandleW
GetQueuedCompletionStatusEx
HeapSize
CreateIoCompletionPort
SetFileCompletionNotificationModes
LCMapStringW
Sleep
GetModuleHandleA
GetProcAddress
CompareStringW
GetFileInformationByHandleEx
HeapReAlloc
HeapFree
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
CloseHandle
GetCurrentThread
SetThreadStackGuarantee
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetCommandLineW
AddVectoredExceptionHandler
GetSystemInfo
WideCharToMultiByte
GetConsoleMode
GetLastError
GetCommandLineA
GetModuleHandleExW
SetHandleInformation
TerminateProcess
ExitProcess
GetModuleFileNameW
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
lstrlenW
GetEnvironmentVariableW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFullPathNameW
FindFirstFileW
FindClose
ReadConsoleW
WriteFile
RtlPcToFileHeader
LoadLibraryExW
FreeLibrary
CreateThread
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RtlVirtualUnwind
PostQueuedCompletionStatus
TlsFree
GetStdHandle
TlsSetValue
GetSystemTimePreciseAsFileTime
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetACP
DeleteCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
EncodePointer
RaiseException
EnterCriticalSection
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateContext
CertDuplicateStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
ws2_32
shutdown
WSASend
recv
WSASocketW
connect
getsockopt
bind
closesocket
setsockopt
getaddrinfo
freeaddrinfo
WSAIoctl
WSAStartup
WSACleanup
send
getpeername
getsockname
WSAGetLastError
ioctlsocket
ntdll
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile
NtReadFile
NtWriteFile
secur32
QueryContextAttributesW
AcquireCredentialsHandleA
FreeContextBuffer
DecryptMessage
InitializeSecurityContextW
EncryptMessage
FreeCredentialsHandle
DeleteSecurityContext
AcceptSecurityContext
ApplyControlToken
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ole32
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
shell32
SHCreateItemFromParsingName
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 919KB - Virtual size: 918KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 265KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
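The Unsigned PE signature, the DLL/file characteristics lists and the section table in this report are all read straight out of the PE headers. The script below is an added example (not part of the sandbox report or its tooling) that reproduces those three readings with only the Python standard library: it decodes the IMAGE_FILE_* and IMAGE_DLLCHARACTERISTICS_* bits, walks the section table, and tests whether the security data directory (entry 4, which points at an embedded PKCS#7 Authenticode blob) is empty, which is what "Checks for missing Authenticode signature" amounts to. The sample itself is not embedded: `build_pe32plus`, `REPORT_SECTIONS`, `UNSIGNED_SAMPLE` and `SIGNED_SAMPLE` are constructed stand-ins whose flags mirror the report but whose sizes and RVAs are fillers, and the signed variant is hypothetical, included only to show the check flipping.

```python
"""Stdlib-only PE32+ header triage: embedded-Authenticode check, header flags, section table.
Added example; the report's sample is not embedded, the images built below are constructed."""
import struct

DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot holding (file offset, size) of the signature blob


def _flags(value, table):
    """Names of the set bits in ascending bit order (the order the report lists them)."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def triage_pe(data: bytes) -> dict:
    """Parse the DOS, COFF and PE32+ optional headers plus the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe_off + 4
    machine, nsects, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ (64-bit) images are handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    n_dirs = struct.unpack_from("<I", data, opt + 108)[0]     # NumberOfRvaAndSizes
    sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, sec_size = struct.unpack_from("<II", data, opt + 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sh = opt + opt_size
    for i in range(nsects):
        name, vsize, _, rsize, _, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, sh + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_size": rsize, "virtual_size": vsize, "flags": _flags(chars, SECTION_FLAGS)})
    return {"x64": machine == 0x8664,
            "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
            "authenticode_present": sec_size != 0,   # "Unsigned PE" is the negation of this
            "sections": sections}


def build_pe32plus(sections, file_chars=0x0022, dll_chars=0x8160, security_dir=(0, 0)) -> bytes:
    """Constructed headers-only PE32+ image (not runnable) for exercising triage_pe offline."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, file_chars)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                      # PE32+ magic
    struct.pack_into("<H", opt, 68, 3)                         # IMAGE_SUBSYSTEM_WINDOWS_CUI
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)                       # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security_dir)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, 0x1000 * (i + 1),
                                rsize, 0, 0, 0, 0, 0, chars)
                    for i, (name, rsize, vsize, chars) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


# Constructed stand-in: (name, raw size, virtual size, characteristics) with the report's section
# flags; the sizes are fillers (only .data and _RDATA use the report's byte counts).
REPORT_SECTIONS = [
    (".text", 0x160000, 0x15F000, 0x60000020),
    (".rdata", 0xE5C00, 0xE5A00, 0x40000040),
    (".data", 0xC00, 0x1C00, 0xC0000040),
    (".pdata", 0xC400, 0xC000, 0x40000040),
    ("_RDATA", 0x200, 0xF4, 0x40000040),
    (".rsrc", 0x42400, 0x42000, 0x40000040),
    (".reloc", 0x5C00, 0x5C00, 0x42000040),
]
UNSIGNED_SAMPLE = build_pe32plus(REPORT_SECTIONS)
# Hypothetical signed variant: a non-empty security directory is all the "Unsigned PE" check inspects.
SIGNED_SAMPLE = build_pe32plus(REPORT_SECTIONS, security_dir=(0x2B0000, 0x2000))

if __name__ == "__main__":
    for label, image in (("unsigned", UNSIGNED_SAMPLE), ("signed", SIGNED_SAMPLE)):
        r = triage_pe(image)
        print(f"{label}: {'embedded Authenticode present' if r['authenticode_present'] else 'Unsigned PE'}")
        print("  file:", ", ".join(r["file_characteristics"]), "| dll:", ", ".join(r["dll_characteristics"]))
        for s in r["sections"]:
            print(f"  {s['name']:<8} raw={s['raw_size']:#x} virt={s['virtual_size']:#x} {' '.join(s['flags'])}")
```

On a real file call `triage_pe(open(path, "rb").read())`. Two caveats belong next to the result. An empty security directory only proves there is no embedded signature: catalog-signed binaries (most files shipped with Windows) show 0/0 there and are verified through the catalog store, so on its own this check says "no embedded Authenticode", not "unsigned by Microsoft's standards". Conversely a non-empty directory does not mean the signature is valid, so a hit still needs chain verification (`signtool verify /pa`, `Get-AuthenticodeSignature`). The decoded flags also say something about this binary that the report leaves implicit: ASLR with high-entropy 64-bit addresses and DEP are enabled, but IMAGE_DLLCHARACTERISTICS_GUARD_CF is not in the list, so Control Flow Guard is absent.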