2024-09-21_bc0b6e6c42cde070daf4883ac0628e50_cobalt-strike_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-21_bc0b6e6c42cde070daf4883ac0628e50_cobalt-strike_megazord
Size

24.7MB
MD5

bc0b6e6c42cde070daf4883ac0628e50
SHA1

152721f6bd605c8319dc10581fda295c694ab9be
SHA256

d048150a400ed416dd0692ec84d593c31e07f4458db5fa8485adb575c35656c8
SHA512

66493e2a46b670e15b5a317a4a5beda395a1469a7faa5f52f587e02e6730188d26ae8ead55f55e3e8c67d547c1f0bd048cd030a4f3e728bf68d6273bc9dfaba5
SSDEEP

393216:OEubMT8wnzqOgJyT8JjAvGK6rVbUojUAstJUHi00dCEnMzN5sM4s8:OEHzqRJfVKtobV6UHitg578

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-21_bc0b6e6c42cde070daf4883ac0628e50_cobalt-strike_megazord

Files

2024-09-21_bc0b6e6c42cde070daf4883ac0628e50_cobalt-strike_megazord
.exe windows:6 windows x64 arch:x64

54264639424cea47b8bb92f04bc46165

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleW
QueryPerformanceFrequency
WakeAllConditionVariable
GetCommandLineW
SetEnvironmentVariableW
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
WaitForMultipleObjects
GetOverlappedResult
WaitForSingleObject
GetExitCodeProcess
DeleteFileW
AddVectoredExceptionHandler
SetThreadStackGuarantee
WaitForSingleObjectEx
LoadLibraryA
GetProcAddress
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
CreateWaitableTimerExW
Sleep
SetWaitableTimer
SetUnhandledExceptionFilter
TerminateProcess
GetQueuedCompletionStatusEx
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
CreateIoCompletionPort
SetFileCompletionNotificationModes
RtlUnwindEx
RtlPcToFileHeader
GetModuleHandleA
RaiseException
EncodePointer
PostQueuedCompletionStatus
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
lstrlenW
TlsGetValue
TlsSetValue
GetLastError
QueryPerformanceCounter
SwitchToThread
CloseHandle
HeapReAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
AcquireSRWLockShared
HeapAlloc
GetProcessHeap
HeapFree
GetComputerNameExW
GetNativeSystemInfo
GetSystemInfo
WakeConditionVariable
SleepConditionVariableSRW
FreeLibrary
LoadLibraryExW
VirtualQuery
LoadLibraryW
GetCurrentThread
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
SetLastError
FormatMessageW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
CreateDirectoryW
FindFirstFileW
FindClose
SetHandleInformation
GetSystemTimeAsFileTime
ExitProcess
ReadFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
TlsFree

user32

DispatchMessageA
GetKeyboardLayout
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
SetMenu
EnumChildWindows
GetKeyboardState
SendMessageW
GetActiveWindow
FlashWindowEx
GetWindowLongPtrW
GetMessageA
ToUnicodeEx
GetMenu
ClientToScreen
MonitorFromWindow
PostMessageW
GetWindowRect
ReleaseCapture
IsProcessDPIAware
GetCursorPos
CheckMenuItem
EnableMenuItem
VkKeyScanW
GetDC
AppendMenuW
IsWindowVisible
CreateMenu
RedrawWindow
IsIconic
SetWindowTextW
SystemParametersInfoA
PostQuitMessage
ShowWindow
CreateAcceleratorTableW
DestroyIcon
SetMenuItemInfoW
CreateIcon
ShowCursor
ClipCursor
RegisterClassExW
MonitorFromPoint
AdjustWindowRectEx
RegisterWindowMessageA
GetClipCursor
SetWindowLongW
DestroyAcceleratorTable
GetClientRect
GetForegroundWindow
RegisterTouchWindow
GetSystemMetrics
IsWindow
InvalidateRgn
SetWindowPlacement
ChangeDisplaySettingsExW
GetUpdateRect
ValidateRect
GetRawInputData
GetSystemMenu
SetWindowPos
GetMonitorInfoW
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
DestroyWindow
TrackMouseEvent
SetCapture
MonitorFromRect
GetWindowPlacement
GetWindowLongW
SetForegroundWindow
DefWindowProcW
TranslateAcceleratorW
GetAncestor
RegisterRawInputDevices
SetWindowLongPtrW
CreateWindowExW
MsgWaitForMultipleObjectsEx
TranslateMessage
PeekMessageW
DispatchMessageW
GetMessageW
PostThreadMessageW
SetCursor
LoadCursorW
SetCursorPos
GetWindowTextW
SetWindowDisplayAffinity
EnumDisplayMonitors
GetWindowTextLengthW
SendInput
MapVirtualKeyW

comctl32

DefSubclassProc
SetWindowSubclass
RemoveWindowSubclass

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
OleInitialize
CreateStreamOnHGlobal
RegisterDragDrop
CoTaskMemFree
RevokeDragDrop
CoUninitialize

shell32

SHAppBarMessage
DragQueryFileW
SHGetKnownFolderPath
ShellExecuteW
DragFinish

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

crypt32

CertDuplicateCertificateContext
CertDuplicateStore
CertCloseStore
CertDuplicateCertificateChain
CertFreeCertificateContext
CertAddCertificateContextToStore
CertOpenStore
CertEnumCertificatesInStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateChain

ntdll

NtCancelIoFileEx
NtWriteFile
NtReadFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCreateFile

bcrypt

BCryptGenRandom

advapi32

RegOpenKeyExW
RegGetValueW
RegQueryValueExW
RegCloseKey
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
SystemFunction036

secur32

AcquireCredentialsHandleA
DeleteSecurityContext
FreeCredentialsHandle
QueryContextAttributesW
InitializeSecurityContextW
ApplyControlToken
FreeContextBuffer
AcceptSecurityContext
DecryptMessage
EncryptMessage

ws2_32

WSAIoctl
closesocket
freeaddrinfo
WSAStartup
setsockopt
WSAGetLastError
shutdown
WSASocketW
ioctlsocket
bind
connect
getsockopt
WSASend
send
recv
getpeername
getsockname
getaddrinfo
WSACleanup

uxtheme

SetWindowTheme

oleaut32

SysStringLen
GetErrorInfo
SetErrorInfo
SysFreeString

psapi

GetModuleInformation
GetModuleFileNameExW
EnumProcessModules

api-ms-win-crt-math-l1-1-0

round
__setusermatherr
floor
pow
ceil
trunc

api-ms-win-crt-string-l1-1-0

strlen
wcslen
_wcsicmp
strcpy_s
wcsncmp

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
calloc
free
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

__p___argv
_initialize_narrow_environment
_cexit
_c_exit
_configure_narrow_argv
exit
_register_thread_local_exe_atexit_callback
_initterm_e
_get_initial_narrow_environment
_initterm
_seh_filter_exe
__p___argc
_initialize_onexit_table
_register_onexit_function
_set_app_type
_crt_atexit
abort
_exit
terminate

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18.2MB - Virtual size: 18.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54264639424cea47b8bb92f04bc46165

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

ole32

shell32

gdi32

dwmapi

crypt32

ntdll

bcrypt

advapi32

secur32

ws2_32

uxtheme

oleaut32

psapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 6.2MB - Virtual size: 6.2MB

.rdata Size: 18.2MB - Virtual size: 18.2MB

.data Size: 5KB - Virtual size: 17KB

.pdata Size: 240KB - Virtual size: 239KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 83KB - Virtual size: 83KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 6.2MB - Virtual size: 6.2MB

.rdata
Size: 18.2MB - Virtual size: 18.2MB

.data
Size: 5KB - Virtual size: 17KB

.pdata
Size: 240KB - Virtual size: 239KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 83KB - Virtual size: 83KB

.reloc
Size: 36KB - Virtual size: 36KB