2024-09-09_100f2790ca35467c1b53527aadd8ea19_cobalt-strike_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-09_100f2790ca35467c1b53527aadd8ea19_cobalt-strike_megazord
Size

23.6MB
MD5

100f2790ca35467c1b53527aadd8ea19
SHA1

f35eba351a255844d6030812a1ac5ca38235fbdf
SHA256

a4f8274e58d2e00ea4e017b8f72766c6e6693a04da8af8fb27f908be395ed9aa
SHA512

b5c8bd82792d2c2f00700ec50408e333d60f0836d6c71c3be33371f5c0ff7a0b35263096531132849ec0b5ce4428b8dc9eff288fa3947d23ff9b5ce88ab377c7
SSDEEP

393216:1tCiMMB/t4J15VJmscoVt/FmXPecuA6E9WEjzBtp5srxvK3t0mfn5jzRad8yFzmU:1wJmscoVt/FmXPecuJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-09_100f2790ca35467c1b53527aadd8ea19_cobalt-strike_megazord

Files

2024-09-09_100f2790ca35467c1b53527aadd8ea19_cobalt-strike_megazord
.exe windows:6 windows x64 arch:x64

ff4eefceb2855fe3d890bf996bd2e897

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

sas

SendSAS

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA
WTSQuerySessionInformationW

secur32

LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer

kernel32

ReleaseSRWLockShared
GlobalUnlock
CreateEventA
SwitchToThread
SetEvent
QueryPerformanceCounter
WaitForMultipleObjectsEx
ReleaseSemaphore
lstrlenW
FormatMessageW
QueryPerformanceFrequency
FindClose
WaitForSingleObject
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcessId
GetLogicalDrives
SetFileTime
GetSystemInfo
GetConsoleMode
GetStdHandle
GetFileType
GetFileInformationByHandleEx
WakeAllConditionVariable
SleepConditionVariableSRW
UnmapViewOfFile
GetExitCodeProcess
LocalFree
LocalAlloc
ConnectNamedPipe
CreateFileW
FlushFileBuffers
OpenProcess
WTSGetActiveConsoleSessionId
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
QueueUserAPC
ResumeThread
GetModuleHandleExA
GetCurrentThreadId
TerminateProcess
SetThreadExecutionState
SetFilePointerEx
GlobalLock
GlobalSize
MultiByteToWideChar
GlobalAlloc
GlobalFree
GetUserDefaultLocaleName
SetConsoleMode
GetModuleHandleW
CreateSemaphoreA
SetConsoleCtrlHandler
SetHandleInformation
GetQueuedCompletionStatusEx
SetLastError
GetFinalPathNameByHandleW
TryAcquireSRWLockExclusive
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
WriteFile
CancelIoEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetLogicalProcessorInformation
CreateNamedPipeW
WakeConditionVariable
LoadLibraryW
FreeLibrary
LoadLibraryExA
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
WriteConsoleW
AcquireSRWLockShared
GetEnvironmentVariableW
SetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
GetFileInformationByHandle
GetFullPathNameW
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
CreateEventW
CancelIo
ExitProcess
GetSystemTimeAsFileTime
DeleteFileW
MoveFileExW
RemoveDirectoryW
DeviceIoControl
CreateSymbolicLinkW
CopyFileExW
GetTickCount64
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetDriveTypeW
GetVolumeInformationW
GetProcessTimes
ReadProcessMemory
VirtualQueryEx
GetSystemTimes
GetProcessIoCounters
SetErrorMode
SetThreadErrorMode
GetComputerNameExW
VirtualQuery
ProcessIdToSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RtlVirtualUnwind
GetFileSize
GetFileTime
SetFilePointer
ResetEvent
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeConditionVariable
SleepConditionVariableCS
SetThreadPriority
CreateSemaphoreW
TryEnterCriticalSection
InitOnceBeginInitialize
InitOnceComplete
GetNativeSystemInfo
InitializeCriticalSection
SetUnhandledExceptionFilter
ReleaseSRWLockExclusive
GetTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReleaseMutex
GetCurrentProcess
GetProcAddress
CloseHandle
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
AcquireSRWLockExclusive
Sleep
HeapReAlloc
GetProcessHeap
HeapAlloc
GetLastError
SetThreadStackGuarantee
AddVectoredExceptionHandler
HeapFree
GetFileSizeEx
ReadConsoleW
OutputDebugStringW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
SetStdHandle
HeapSize
GetCurrentDirectoryW
SetEndOfFile
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
RtlUnwind
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
TlsFree
TlsSetValue
IsProcessorFeaturePresent
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
UnhandledExceptionFilter

advapi32

CreateProcessWithTokenW
ImpersonateLoggedOnUser
DuplicateTokenEx
EqualSid
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupAccountSidW
CopySid
GetLengthSid
IsValidSid
SystemFunction036
RegSetValueExW
RegCreateKeyExW
CreateProcessWithLogonW
CreateProcessAsUserW
RegDeleteKeyExW
GetTokenInformation
OpenProcessToken
RegDeleteTreeW
GetUserNameW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
FreeSid
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

ole32

PropVariantClear
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
OleInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemAlloc
OleUninitialize
OleSetClipboard
OleGetClipboard
ReleaseStgMedium
OleIsCurrentClipboard

user32

GetKeyboardState
TrackPopupMenu
ClientToScreen
MessageBoxW
PostQuitMessage
CheckMenuItem
GetCursorPos
EnumDisplayDevicesW
EnumDisplaySettingsExW
GetSystemMetrics
LockWorkStation
GetCursorInfo
EnumDisplaySettingsW
FindWindowW
SetWindowPos
BlockInput
MsgWaitForMultipleObjectsEx
SendMessageW
InvalidateRgn
GetMenu
GetWindowLongW
AdjustWindowRectEx
DestroyIcon
PostMessageW
GetUpdateRect
PostThreadMessageW
MapVirtualKeyW
PeekMessageW
ValidateRect
GetRawInputData
RedrawWindow
DestroyWindow
ExitWindowsEx
RegisterWindowMessageA
RegisterClassExW
DefWindowProcW
SetForegroundWindow
ChangeDisplaySettingsExW
PostThreadMessageA
ShowWindow
RegisterClassW
SetMenuItemInfoW
DrawIconEx
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetThreadDesktop
GetUserObjectInformationA
PeekMessageA
SendMessageA
PostMessageA
GetAsyncKeyState
AppendMenuW
FindWindowA
DefWindowProcA
CreateAcceleratorTableW
GetClipboardOwner
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatA
RegisterClipboardFormatW
CountClipboardFormats
GetClipboardFormatNameA
SetWindowsHookExA
DestroyAcceleratorTable
AttachThreadInput
VkKeyScanW
GetMessageA
CreatePopupMenu
CreateMenu
RegisterRawInputDevices
SystemParametersInfoA
SetWindowLongPtrW
CreateWindowExW
CreateIcon
TranslateMessage
DispatchMessageW
GetMessageW
SetWindowTextW
DispatchMessageA
UnhookWindowsHookEx
CallNextHookEx
LoadCursorA
RegisterClassExA
SetClipboardData
ToUnicodeEx
CreateWindowExA
FindWindowExA
GetIconInfo
OpenClipboard
GetDC
EmptyClipboard
ReleaseDC
IsClipboardFormatAvailable
CloseClipboard
GetClipboardData
GetKeyState
VkKeyScanExW
MapVirtualKeyExW
GetKeyboardLayout
GetWindowThreadProcessId
GetForegroundWindow
SendInput

iphlpapi

GetAdaptersAddresses
GetIfEntry2
FreeMibTable
SendARP
GetIfTable2

shell32

SHAddToRecentDocs
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW
Shell_NotifyIconGetRect
SHGetKnownFolderPath
Shell_NotifyIconW

pdh

PdhGetFormattedCounterValue
PdhRemoveCounter
PdhAddCounterA
PdhCollectQueryData
PdhOpenQueryA
PdhCollectQueryDataEx
PdhCloseQuery
PdhAddEnglishCounterW

ws2_32

setsockopt
bind
closesocket
shutdown
WSASocketW
listen
accept
ioctlsocket
sendto
WSAIoctl
connect
WSAGetLastError
getsockopt
WSASend
send
recv
getpeername
socket
getsockname
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
recvfrom

gdi32

GetDIBits
CreateDIBSection
DeleteDC
DeleteObject
BitBlt
CreateCompatibleBitmap
GetObjectA
GetBitmapBits
CreateDCW
CreateCompatibleDC
SelectObject

crypt32

CertDeleteCertificateFromStore
CertNameToStrA
CertEnumCertificatesInStore
CryptHashCertificate
CertCloseStore
CertOpenSystemStoreW
CertAddEncodedCertificateToStore

comctl32

RemoveWindowSubclass
SetWindowSubclass
DefSubclassProc

ntdll

NtCancelIoFileEx
NtQuerySystemInformation
NtWriteFile
NtDeviceIoControlFile
NtReadFile
RtlGetVersion
NtQueryInformationProcess
RtlNtStatusToDosError
RtlGetNtVersionNumbers
NtCreateFile

bcrypt

BCryptGenRandom

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory1

oleaut32

VariantClear
GetErrorInfo
SysStringLen
SysAllocString
SysFreeString

psapi

GetModuleFileNameExW
GetPerformanceInfo

netapi32

NetUserEnum
NetUserGetInfo
NetApiBufferFree
NetUserGetLocalGroups

powrprof

CallNtPowerInformation

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 14.5MB - Virtual size: 14.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 644KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ff4eefceb2855fe3d890bf996bd2e897

Headers

DLL Characteristics

File Characteristics

Imports

sas

wtsapi32

secur32

kernel32

advapi32

ole32

user32

iphlpapi

shell32

pdh

ws2_32

gdi32

crypt32

comctl32

ntdll

bcrypt

d3d11

dxgi

oleaut32

psapi

netapi32

powrprof

userenv

Sections

.text Size: 14.5MB - Virtual size: 14.5MB

.rodata Size: 2KB - Virtual size: 2KB

.rdata Size: 8.0MB - Virtual size: 8.0MB

.data Size: 36KB - Virtual size: 364KB

.pdata Size: 247KB - Virtual size: 247KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 644KB - Virtual size: 648KB

.text
Size: 14.5MB - Virtual size: 14.5MB

.rodata
Size: 2KB - Virtual size: 2KB

.rdata
Size: 8.0MB - Virtual size: 8.0MB

.data
Size: 36KB - Virtual size: 364KB

.pdata
Size: 247KB - Virtual size: 247KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 644KB - Virtual size: 648KB