2024-10-18_68b7bac8fa49ad55d09c51b508d51076_cobalt-strike_megazord_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-18_68b7bac8fa49ad55d09c51b508d51076_cobalt-strike_megazord_ryuk
Size

29.0MB
MD5

68b7bac8fa49ad55d09c51b508d51076
SHA1

11540658f8d34e46e658fb0620d9a6d868b1c756
SHA256

c0b317f84b5f10c2bd59f9f0a58a7c84f7dfdc2ad4a30d27eadba7ea13c7ba99
SHA512

d26244c22e928a1f381d38a757093a525f073f704fa2eb53bae6b6b5f81e751c4e96b5e8255edc71b707a2b13f5309be9358385ce05aec26940d524ce33c07f9
SSDEEP

786432:6UZ3Ue2NtuJFUk8xNCNy2NuLZPv73xTpe8i:jUe2a+xNCNy2I1PTf5i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-18_68b7bac8fa49ad55d09c51b508d51076_cobalt-strike_megazord_ryuk

Files

2024-10-18_68b7bac8fa49ad55d09c51b508d51076_cobalt-strike_megazord_ryuk
.exe windows:6 windows x64 arch:x64

1d294a89dfa5cccc79f25d6bb7b51ae4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

gamedriver.pdb

Imports

kernel32

AddVectoredExceptionHandler
CheckRemoteDebuggerPresent
CloseHandle
CompareStringOrdinal
CompareStringW
CreateDirectoryW
CreateFileW
CreateNamedPipeW
CreateProcessW
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DeleteProcThreadAttributeList
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExA
FindFirstFileW
FindNextFileA
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFullPathNameW
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessIoCounters
GetProcessTimes
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemTimePreciseAsFileTime
GetSystemTimes
GetTickCount64
GetWindowsDirectoryW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeProcThreadAttributeList
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
K32GetPerformanceInfo
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LocalFree
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFileEx
ReadProcessMemory
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableA
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadExecutionState
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepEx
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UpdateProcThreadAttribute
VirtualQueryEx
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteFileEx

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

ntdll

NtQueryInformationProcess
NtQuerySystemInformation
NtWriteFile
RtlGetVersion
RtlNtStatusToDosError

advapi32

CopySid
GetLengthSid
GetTokenInformation
IsValidSid
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SystemFunction036

bcrypt

BCryptGenRandom

powrprof

CallNtPowerInformation

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
PropVariantClear

shell32

CommandLineToArgvW
ShellExecuteExW

oleaut32

GetErrorInfo
SafeArrayAccessData
SafeArrayDestroy
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear

psapi

GetModuleFileNameExW

pdh

PdhAddEnglishCounterW
PdhCloseQuery
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhRemoveCounter

propsys

PropVariantToBSTR
VariantToPropVariant

Sections

.text
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28.7MB - Virtual size: 28.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 153B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 42B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d294a89dfa5cccc79f25d6bb7b51ae4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

bcryptprimitives

api-ms-win-core-synch-l1-2-0

ntdll

advapi32

bcrypt

powrprof

ole32

shell32

oleaut32

psapi

pdh

propsys

Sections

.text Size: 346KB - Virtual size: 346KB

.rdata Size: 28.7MB - Virtual size: 28.7MB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 7KB - Virtual size: 6KB

.gfids Size: 512B - Virtual size: 128B

.tls Size: 512B - Virtual size: 153B

.voltbl Size: 512B - Virtual size: 42B

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 346KB - Virtual size: 346KB

.rdata
Size: 28.7MB - Virtual size: 28.7MB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 7KB - Virtual size: 6KB

.gfids
Size: 512B - Virtual size: 128B

.tls
Size: 512B - Virtual size: 153B

.voltbl
Size: 512B - Virtual size: 42B

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 2KB - Virtual size: 1KB