2024-09-29_82001daa4292f834851a835cfd1f0238_cobalt-strike_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-29_82001daa4292f834851a835cfd1f0238_cobalt-strike_megazord
Size

21.1MB
MD5

82001daa4292f834851a835cfd1f0238
SHA1

823e1a9f66b4b51fcbe519354122fb052e20c903
SHA256

9f797e9f387a5aefb353262e60589c967b55a7ecffd5e9ca27f71c7d5a0e916f
SHA512

7ceca8d00ddb62fa35771beda65b4dec283050035ffce0c08c9686e53440dc826960bfe0f63a6019c91ff482a29dddd6f9905943be9ceb6b5fc6c3da5db774a1
SSDEEP

196608:3VmsVgwxAn/wSQUqcVTHamUI7EV2dBpQS+Fftckgje4OT5M7KglHVy:3Vm4C/wOq6THamJEECSIWmT50KglHw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-29_82001daa4292f834851a835cfd1f0238_cobalt-strike_megazord

Files

2024-09-29_82001daa4292f834851a835cfd1f0238_cobalt-strike_megazord
.exe windows:6 windows x64 arch:x64

5134d73db6a795b71fdcb5231528369f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

app.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

user32

SetMenu
GetDC
ReleaseDC
GetActiveWindow
RedrawWindow
PrintWindow
ShowWindow
GetRawInputData
DestroyIcon
DestroyAcceleratorTable
SetCapture
SetWindowLongPtrW
DispatchMessageA
GetMessageA
MsgWaitForMultipleObjectsEx
RegisterWindowMessageA
RegisterRawInputDevices
IsProcessDPIAware
IsIconic
RegisterHotKey
ToUnicodeEx
GetKeyboardLayout
CreateAcceleratorTableW
VkKeyScanW
MapVirtualKeyExW
GetKeyState
EnumChildWindows
GetKeyboardState
SetForegroundWindow
RegisterClassExW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
RegisterClipboardFormatW
ScreenToClient
GetWindowLongW
ClientToScreen
SystemParametersInfoA
GetClientRect
IsWindowVisible
AdjustWindowRectEx
GetWindowRect
MonitorFromPoint
EmptyClipboard
MonitorFromRect
EnumDisplayMonitors
CloseClipboard
CreateIcon
SetClipboardData
PostMessageW
PostQuitMessage
GetClipboardData
TrackMouseEvent
SendInput
AppendMenuW
CreateMenu
SetMenuItemInfoW
UnregisterHotKey
CheckMenuItem
GetWindowLongPtrW
SetWindowDisplayAffinity
GetMenu
ShowCursor
IsClipboardFormatAvailable
OpenClipboard
ClipCursor
GetClipCursor
SetWindowLongW
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
SendMessageW
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
EnableMenuItem
GetSystemMenu
GetForegroundWindow
SetCursorPos
InvalidateRgn
ReleaseCapture
DispatchMessageW
TranslateMessage
GetUpdateRect
PeekMessageW
PostThreadMessageW
ValidateRect
SetCursor
LoadCursorW
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
GetAsyncKeyState
CloseTouchInputHandle
GetTouchInputInfo
DestroyWindow

ole32

CoIncrementMTAUsage
CoInitializeEx
RevokeDragDrop
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
RegisterDragDrop
OleInitialize
CoTaskMemFree
CoTaskMemAlloc

comctl32

DefSubclassProc
TaskDialogIndirect
RemoveWindowSubclass
SetWindowSubclass

shell32

ShellExecuteW
SHCreateItemFromParsingName
SHGetKnownFolderPath
DragQueryFileW
SHAppBarMessage
DragFinish

kernel32

EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetUserDefaultUILanguage
LCIDToLocaleName
IsProcessorFeaturePresent
LoadLibraryW
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
GetCurrentThreadId
GetModuleHandleW
GlobalFree
DeleteCriticalSection
CreateFileA
GetConsoleMode
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleCursorPosition
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetFileType
GetFileInformationByHandleEx
GetComputerNameExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ReleaseMutex
GetCurrentThread
GlobalAlloc
GetCurrentProcess
GetTempPathW
CreateThread
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GlobalUnlock
GlobalSize
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
GetFullPathNameW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
ExitProcess
SetEnvironmentVariableW
CancelIo
CopyFileExW
GetFinalPathNameByHandleW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
GetUserPreferredUILanguages
LoadLibraryExW
RemoveDirectoryW
MoveFileExW
GetEnvironmentVariableW
DeleteFileW
FindFirstFileW
CreateDirectoryW
Sleep
CreatePipe
CreateFileW
FindClose
FindNextFileW
HeapReAlloc
GetSystemTimePreciseAsFileTime
QueryPerformanceFrequency
GetProcessId
LoadLibraryExA
TerminateProcess
GetExitCodeProcess
GetNativeSystemInfo
GetSystemInfo
GetModuleHandleA
SleepEx
FormatMessageW
WriteFileEx
WaitForSingleObject
CreateEventW
GetStdHandle
SetFilePointerEx
DuplicateHandle
FreeLibrary
HeapFree
HeapAlloc
GetProcessHeap
SetFileInformationByHandle
GlobalLock
TlsAlloc
TlsGetValue
TlsSetValue
GetCommandLineW
PostQueuedCompletionStatus
GetEnvironmentStringsW
GetLastError
GetCurrentDirectoryW
SetLastError
QueryPerformanceCounter
CreateMutexA
GetCurrentProcessId
lstrlenW
LoadLibraryA
WaitForSingleObjectEx
WideCharToMultiByte
GetProcAddress
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
GetFileInformationByHandle
SetFileCompletionNotificationModes
GetOverlappedResult
SetHandleInformation
ReadFile
TlsFree
GetQueuedCompletionStatusEx
CreateIoCompletionPort

gdi32

SelectObject
CreateCompatibleDC
CreateRectRgn
GetDIBits
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

oleaut32

GetErrorInfo
SysFreeString
SetErrorInfo
SysStringLen

advapi32

ImpersonateAnonymousToken
RevertToSelf
RegOpenKeyExW
RegQueryValueExW
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegCloseKey
RegGetValueW
SystemFunction036

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

uxtheme

SetWindowTheme

ntdll

NtWriteFile
NtCreateFile
RtlGetVersion
NtCancelIoFileEx
RtlNtStatusToDosError
NtReadFile
NtDeviceIoControlFile

bcrypt

BCryptGenRandom

secur32

DeleteSecurityContext
QueryContextAttributesW
ApplyControlToken
EncryptMessage
AcceptSecurityContext
AcquireCredentialsHandleA
FreeCredentialsHandle
DecryptMessage
InitializeSecurityContextW
FreeContextBuffer

ws2_32

WSACleanup
closesocket
getaddrinfo
freeaddrinfo
WSAStartup
getpeername
getsockname
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
recv
send
WSAGetLastError
WSASend
WSAIoctl
setsockopt

crypt32

CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertCloseStore
CertDuplicateStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore

api-ms-win-crt-math-l1-1-0

round
trunc
ceil
floor
pow
__setusermatherr

api-ms-win-crt-string-l1-1-0

strlen
wcsncmp
_wcsicmp
wcslen
strcpy_s

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_configure_narrow_argv
terminate
_initialize_narrow_environment
_get_initial_narrow_environment
abort
_initterm
_initterm_e
exit
_crt_atexit
_exit
__p___argc
__p___argv
strerror
_register_onexit_function
_initialize_onexit_table
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode
calloc

Sections

.text
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12.9MB - Virtual size: 12.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5134d73db6a795b71fdcb5231528369f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

user32

ole32

comctl32

shell32

kernel32

gdi32

dwmapi

oleaut32

advapi32

api-ms-win-core-winrt-l1-1-0

uxtheme

ntdll

bcrypt

secur32

ws2_32

crypt32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 7.6MB - Virtual size: 7.6MB

.rdata Size: 12.9MB - Virtual size: 12.9MB

.data Size: 13KB - Virtual size: 25KB

.pdata Size: 417KB - Virtual size: 417KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 86KB - Virtual size: 85KB

.reloc Size: 57KB - Virtual size: 57KB

.text
Size: 7.6MB - Virtual size: 7.6MB

.rdata
Size: 12.9MB - Virtual size: 12.9MB

.data
Size: 13KB - Virtual size: 25KB

.pdata
Size: 417KB - Virtual size: 417KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 86KB - Virtual size: 85KB

.reloc
Size: 57KB - Virtual size: 57KB