metasploit | 8b6004e18e26ff9e2d3c8e3d11123159[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8b6004e18e26ff9e2d3c8e3d11123159.bin
Size

1KB
MD5

cf1103d0e323ca1188d68582f9736a20
SHA1

e8952996ef9b6fc53cab6a4b6f7c34f5ccb484e4
SHA256

e365d99b865d38ede7c6d5ca9de380d888b18063ca05a89695a9da1d88450d28
SHA512

840df6b8d5ff97d193a6ea7d2eab9f40867ff8b2434774c9c530a76cac46e27b9dd43586fd09bb4e07f42b6ae543f7a930b862d82fb8748a1d71e26136cdabf7

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

47.102.138.85:10010

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8012df1d348d1fd3a17244e9582a9d6f6057332a2391c9abc68a2b67a1426f89.exe

Files

8b6004e18e26ff9e2d3c8e3d11123159.bin
.zip

Password: infected
8012df1d348d1fd3a17244e9582a9d6f6057332a2391c9abc68a2b67a1426f89.exe
.exe windows x64

Password: infected

b4c6fff030479aa3b12625be67bf4914

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
ExitProcess

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sgee
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE