Behavioral task: behavioral1
Sample: sample.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: sample.exe
Resource: win10v2004-20230915-en
General
Target: sample.7z
Size: 1010B
MD5: be5464da8e91d56cfc776c703dd1116b
SHA1: b61b79b833d933fbfd542fd52d696ee7e2332c18
SHA256: f8b31c7776580d51a1c3728e03f014070e8e6b66738ed2f91157879911e67ff2
SHA512: bb9f31d34497194fd0f6c3be751a14a40a443a059573e68e95ebf44bc33ba2693dceb3709bd81304a91701d81910bf5bcee0a65f2083ffe11b5a929327313ae8
Malware Config
Extracted
metasploit
metasploit_stager
176.105.255.46:50015
Signatures
Metasploit family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/sample.exe
Files
sample.7z.7z
Password: infected
sample.exe.exe windows:4 windows x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pgjc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE