metasploit | 84349b1aac6ac98da9a622ecee6bb1e89b3a42edcdb295a8ce8dfc9e2cb01759 | Triage

Sharing

General

Target

84349b1aac6ac98da9a622ecee6bb1e89b3a42edcdb295a8ce8dfc9e2cb01759
Size

104KB
MD5

6391fe049a873b58b39e1494fd1637d1
SHA1

a915af42d4260c012d2bfe1c2ea37513ac4d6b6c
SHA256

84349b1aac6ac98da9a622ecee6bb1e89b3a42edcdb295a8ce8dfc9e2cb01759
SHA512

1848f03a2d7b9b346dd556df28d45a9fd38e2a4241ce5f5fca00a6f6d8b4a3afd9171a10dd6af18d7cb334a6c4c0ce70e866ceb67f8ab60865539a4e32141b88
SSDEEP

3072:mgfgb7ebbif/Cu+PGGSp7OoWT7SlxFPUvj86k8TEoKBa6Qnr:moMEOf/mPjSJxBUvvk8Tn6Sr

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.230.129:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84349b1aac6ac98da9a622ecee6bb1e89b3a42edcdb295a8ce8dfc9e2cb01759

Files

84349b1aac6ac98da9a622ecee6bb1e89b3a42edcdb295a8ce8dfc9e2cb01759
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ