metasploit | tmp | Triage

Resubmissions

02/02/2024, 01:08

240202-bhf88scfaj 10

01/02/2024, 16:08

240201-tla6habdgl 10

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

7KB
MD5

943066fd01718c0663f5c3a8811ff7c0
SHA1

a78ea88121135c64e998572054ef639d5fd56a46
SHA256

a426cfa107424fb44f39f7f554b71f48a0367b52e352607d1937b7d8f9e918b9
SHA512

6322663aa255128bffc3e3cf48def2e32327faa96253b22fa1649989f77081bdfbca0b8644afd1c2262cdbd38d1b28c57a77845563cc4e739e31c76ed6a607c3
SSDEEP

24:eFGStrJ9u0/6DZnZdkBQAVKoch7wKLqyeNDMSCvOXpmB:is0qpkBQvzhMSSD9C2kB

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

23.88.46.60:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:4 windows x64 arch:x64

b4c6fff030479aa3b12625be67bf4914

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
ExitProcess

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nrrf
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE