metasploit | 16939f7e6df2f0a776056713799b2c1a[.]zip | Triage

Sharing

General

Target

16939f7e6df2f0a776056713799b2c1a.zip
Size

1KB
MD5

16939f7e6df2f0a776056713799b2c1a
SHA1

8f67c49fa888090ed8e5cfd47e941a81d746bd8a
SHA256

46c7c6c48b308f75e5d5f585f67fcf7a6ce38446fcd3bc354a3250e7ba1bac83
SHA512

e52a4135bd558691fa3c7800a6bc0fc8b1855feaab819f28457d148a68a45ad34120c31698a6861eb7d725377ec18f1a4647301aa888ec58c59b7600702121fb

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.192.128:8443

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/met.exe

Files

16939f7e6df2f0a776056713799b2c1a.zip
.zip
met.exe
.exe windows:4 windows x64 arch:x64

b4c6fff030479aa3b12625be67bf4914

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
ExitProcess

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tlnq
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE