metasploit | c167e538be83be3e6a9149a157bafd8d | Triage

Sharing

General

Target

c167e538be83be3e6a9149a157bafd8d
Size

19KB
MD5

c167e538be83be3e6a9149a157bafd8d
SHA1

f914ef54cec23702ee2bfe6c6273ada0267b5e18
SHA256

34cce03af73c4a52eb742210b6078e0cb685a0544872aa4c39d2eb29b76cf533
SHA512

57ce7110aa5b76db23b5c77db1e95cf49ab711faf625f3279bac692f3dfdb431e21e9eb0f4c3b9487c3b5c33892ab8d85d8fca52f8e80e8b8ef6b931bdb69199
SSDEEP

384:sCIBBUeoB7+mT2ViGQh439Os/EqGQydkIuKA4m1i31JlHf:uohHTEzf3d/5io6JlH

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

metasploit_stager

C2

10.0.2.15:443

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c167e538be83be3e6a9149a157bafd8d

Files

c167e538be83be3e6a9149a157bafd8d
.exe windows:4 windows x64 arch:x64

91f60abb261c080f269b7b7ef572a1a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
ExitProcess
LoadLibraryA
GetProcAddress

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE