2024-09-18_e819035fcb46a34ae9b89311a05be88f_cobalt-strike_megazord_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-18_e819035fcb46a34ae9b89311a05be88f_cobalt-strike_megazord_ryuk
Size

46.2MB
MD5

e819035fcb46a34ae9b89311a05be88f
SHA1

99c200c8c4dcd656dcd2fce7171d3df6ed8e0fe9
SHA256

4a4cdcffb1b6f7492b6cd21da1150e680d308f39110e139bf80e11672c08f877
SHA512

664206940ef640fd630327a9ab37f221422c5525c6df0d4d71d479b547aaafe0cceac499987234d247cc755d1c862092dd887f6811b0763b65a1bbea4b6c4483
SSDEEP

196608:WamgEy8jrypyiS3JFgwCqNpm0hNx+ChlSSxmaWiUXs3KS78aaXd:W/gEdjry4iAJFh/7hVCs3b8aI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-18_e819035fcb46a34ae9b89311a05be88f_cobalt-strike_megazord_ryuk

Files

2024-09-18_e819035fcb46a34ae9b89311a05be88f_cobalt-strike_megazord_ryuk
.exe windows:6 windows x64 arch:x64

8aee2f463d3d1ea233aaae820f492029

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CompareStringW
ConvertFiberToThread
ConvertThreadToFiber
CopyFileExW
CreateDirectoryW
CreateEventW
CreateFiber
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateSymbolicLinkW
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DeleteFiber
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DuplicateHandle
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount64
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeProcThreadAttributeList
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsThreadAFiber
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MapViewOfFile
MoveFileExW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReadFileEx
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RemoveDirectoryW
SetConsoleMode
SetConsoleTextAttribute
SetEnvironmentVariableW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetLastError
SetStdHandle
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnmapViewOfFile
UpdateProcThreadAttribute
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteFileEx

ntdll

NtCreateFile
NtReadFile
NtWriteFile
RtlAddFunctionTable
RtlCaptureContext
RtlDeleteFunctionTable
RtlLookupFunctionEntry
RtlNtStatusToDosError
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

Sections

.text
Size: 31.2MB - Virtual size: 31.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13.0MB - Virtual size: 13.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8aee2f463d3d1ea233aaae820f492029

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

bcrypt

advapi32

Sections

.text Size: 31.2MB - Virtual size: 31.2MB

.rdata Size: 13.0MB - Virtual size: 13.0MB

.data Size: 84KB - Virtual size: 99KB

.pdata Size: 1.9MB - Virtual size: 1.9MB

.00cfg Size: 512B - Virtual size: 56B

.gxfg Size: 5KB - Virtual size: 4KB

.tls Size: 3KB - Virtual size: 3KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 123KB - Virtual size: 123KB

.text
Size: 31.2MB - Virtual size: 31.2MB

.rdata
Size: 13.0MB - Virtual size: 13.0MB

.data
Size: 84KB - Virtual size: 99KB

.pdata
Size: 1.9MB - Virtual size: 1.9MB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 5KB - Virtual size: 4KB

.tls
Size: 3KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 123KB - Virtual size: 123KB