Static task
static1
Behavioral task
behavioral1
Sample
942caf43d7a1a14594ecb47c6e6d2b46f5ef6c4d3e32131e84f3a670f411189d.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
942caf43d7a1a14594ecb47c6e6d2b46f5ef6c4d3e32131e84f3a670f411189d.exe
Resource
win10v2004-20220414-en
General
-
Target
942caf43d7a1a14594ecb47c6e6d2b46f5ef6c4d3e32131e84f3a670f411189d
-
Size
7KB
-
MD5
21c2d93af4aaf977ae530e563d626751
-
SHA1
fe9f8e080d2f4127b2f4b416e5537f0180fb3895
-
SHA256
942caf43d7a1a14594ecb47c6e6d2b46f5ef6c4d3e32131e84f3a670f411189d
-
SHA512
a8cfca41e94b256253c4c416da88374366080a5242eae912c309bded438ed643521e9535c5b9e6c0be855c64faa716db6aa57b8fcb0c0d9e1d59d7ad13d76a63
-
SSDEEP
24:eFGStrJ9u0/6gDkl/nZdkjBQAVuXnV9ADa+gD+pELzQdIDtK91npTu3JVMGLO+gP:is0qlb4BQJXnV9HSLI4ZuLTLOrB
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
metasploit_stager
161.246.67.165:7654
Signatures
-
Metasploit family
Files
-
942caf43d7a1a14594ecb47c6e6d2b46f5ef6c4d3e32131e84f3a670f411189d.exe windows x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pfjo Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE