F:\rust-xdr-killer-new\client\target\release\deps\client.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-09-03_10ab9ef8999a9d00ee72dd279bd937a4_cobalt-strike_megazord.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 2024-09-03_10ab9ef8999a9d00ee72dd279bd937a4_cobalt-strike_megazord.exe
  Resource: win10v2004-20240802-en
General
Target: 2024-09-03_10ab9ef8999a9d00ee72dd279bd937a4_cobalt-strike_megazord
Size: 1.5MB
MD5: 10ab9ef8999a9d00ee72dd279bd937a4
SHA1: c0e92e7ba832f38e47c00c99e7dfcad6ab0d6beb
SHA256: 6bb7e14155433d7f459285f3294197fdd2a0dfddeb5e0b2b23457db2a688a5af
SHA512: 75632d3de3ce86ae29021c771545d05c4fb4a5bc4463ee51b8f8e23a7e7ac34f9e3c2ad865fe0e1fbb2dd992633c6c7fcbe98c34eabe5d19ae3a69442c4c1d6d
SSDEEP: 49152:ccfcIRVOkbhytj82ajNxX/+zQhloOoRR:AcRBWQAOoRR
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 2024-09-03_10ab9ef8999a9d00ee72dd279bd937a4_cobalt-strike_megazord
Files
2024-09-03_10ab9ef8999a9d00ee72dd279bd937a4_cobalt-strike_megazord.exe windows:6 windows x64 arch:x64
fb66637ff867edb3e4b3b39a549b6cfe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ws2_32
listen
bind
accept
ioctlsocket
connect
getsockopt
shutdown
recv
send
getaddrinfo
setsockopt
WSAIoctl
WSAGetLastError
socket
freeaddrinfo
WSAStartup
WSACleanup
WSASocketW
closesocket
kernel32
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
GetProcessHeap
HeapFree
FreeLibrary
FlsGetValue
GetLastError
FlsAlloc
HeapAlloc
FormatMessageW
CreateEventW
WaitForSingleObject
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsValidCodePage
FindFirstFileExW
LoadLibraryExA
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
TryAcquireSRWLockExclusive
DuplicateHandle
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId
GetConsoleOutputCP
SetHandleInformation
GetCurrentProcess
GetProcAddress
LoadLibraryA
CloseHandle
GetCurrentDirectoryW
GetWindowsDirectoryW
GetSystemDirectoryW
GetFinalPathNameByHandleW
GetEnvironmentVariableW
GetFullPathNameW
GetModuleFileNameW
GetCommandLineW
HeapReAlloc
TerminateProcess
GetFileAttributesW
CreateProcessW
CompareStringOrdinal
CreateIoCompletionPort
SetLastError
GetQueuedCompletionStatusEx
WideCharToMultiByte
ReadFile
GetOverlappedResult
WriteFile
PostQueuedCompletionStatus
WriteConsoleW
MultiByteToWideChar
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
FindClose
FindNextFileW
CreateFileW
FlushFileBuffers
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
SetFilePointerEx
FindFirstFileW
DeleteFileW
SwitchToThread
GetSystemTimeAsFileTime
GetConsoleMode
RtlLookupFunctionEntry
ReleaseSRWLockShared
GetEnvironmentStringsW
SetEnvironmentVariableW
ReadFileEx
SleepEx
WriteFileEx
AcquireSRWLockShared
CreateThread
SetThreadStackGuarantee
GetCurrentThread
GetSystemInfo
GetTempPathW
AddVectoredExceptionHandler
GetStdHandle
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleW
FreeEnvironmentStringsW
GetFileType
ExitProcess
GetCurrentProcessId
RtlCaptureContext
GetExitCodeProcess
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
CreateNamedPipeW
WaitForMultipleObjects
CancelIo
oleaut32
SysAllocStringLen
SysStringLen
GetErrorInfo
SysFreeString
SafeArrayDestroy
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
ole32
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
ntdll
NtCancelIoFileEx
NtDeviceIoControlFile
NtCreateFile
NtReadFile
NtWriteFile
RtlNtStatusToDosError
advapi32
SystemFunction036
bcrypt
BCryptGenRandom
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 366KB - Virtual size: 366KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ