metasploit | fd26a98e95baf880b0519ae0472d04d7[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd26a98e95baf880b0519ae0472d04d7.bin
Size

1KB
MD5

e32b51bc05f033f7ac2b19acbbfad3a9
SHA1

c1f1107f3f765274dd984a090e9e5611560690ab
SHA256

801eef85181f7517cf3776f8a3445d780780cf6ab45296f8cc63836e8be89339
SHA512

7a91a601fbb1338eca12aa008b8ea2b83e9a6e682b2c4df10e194ec5d12a43550cfd602f63a0c3fad4e8cf2e5c5c3c7fc5837b4dcf8c0a33906738a651494c11

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.1.8:888

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ed60346e3ee4818bffdb2986a37d5c46ad0e87b035027e7851cad0ec9e00554a.dll

Files

fd26a98e95baf880b0519ae0472d04d7.bin
.zip

Password: infected
ed60346e3ee4818bffdb2986a37d5c46ad0e87b035027e7851cad0ec9e00554a.dll
.dll windows x86

Password: infected

57d6e7112c8e716cfe2eb0ff9f36763c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReleaseSemaphore
WaitForSingleObject
CreateEventA
OpenEventA
ExitThread
ResumeThread
CreateProcessA
GetThreadContext
SetThreadContext
VirtualAllocEx
WriteProcessMemory
CreateSemaphoreA

Sections

.text
Size: 1024B - Virtual size: 661B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ