metasploit | 10435836706[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10435836706.zip
Size

982KB
MD5

dc34407fce64573a8f5e8314f8f0d84c
SHA1

15ba3a87a70b8363339878b077a20e77ae29c375
SHA256

f88979bc1878a23f233dda40c07be925c510aef6789ec18445a6cdb30fe8c927
SHA512

d293aa442658678a468e093a22d80a160088e3a1cbd2f85c465ae36dc0c867e5572307fbe1a2bb6af7fcdc17f78ae08eba68bf428c26eae6bafa5e23bda88697
SSDEEP

24576:ZX8B2Qsejy3OTzvzCNej35ljpcV5t9FVN4:sNjycwst2jTX4

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_nonx_tcp

C2

10.10.1.21:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/86b3ce6f12d314e2b9a8ae854f6d4c3b45c91882c8f5b18034ab4ac44641e7f4

Files

10435836706.zip
.zip

Password: infected
86b3ce6f12d314e2b9a8ae854f6d4c3b45c91882c8f5b18034ab4ac44641e7f4
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ