Behavioral task: behavioral1
Sample: mkii.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: mkii.exe
Resource: win10v2004-20230915-en
General
- Target: mkii.exe
- Size: 7KB
- MD5: 2acde47362ca572d56e3c9274e8328eb
- SHA1: 6bca00676686ae89fbdaf0e79c29a3502bc296b0
- SHA256: 59d33e81b3bdb4ce0af6328c79a271ea77369267b4faff6c22c1006ba115d1b4
- SHA512: 4a9613889526f78f3ccc5cb60e9f469d5128e61ea690e1b8e386410d24ce7f9e0cab1dc8ac30de02875f578a7b7345ad3be9abf5f335706704f1878decdb323e
- SSDEEP: 24:eFGStrJ9u0/6T+ZnZdkBQAVbYfYKZqTeNDMSCvOXpmB:is02+pkBQjQdSD9C2kB
Malware Config
Extracted
metasploit
metasploit_stager
150.158.139.244:4433
Signatures
- Metasploit family
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource mkii.exe
Files
-
mkii.exe.exe windows x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rzwp Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE