General

  • Target

    227d6ba5c7e955cb0435f28a6f51404fd1f0b6749691d3ecd611bbe85dbadeda

  • Size

    46KB

  • MD5

    302a5349b654d8314348c2e9ee3b6f8a

  • SHA1

    c3f6581ab2ef44f632524b44971a17dccd5f6377

  • SHA256

    227d6ba5c7e955cb0435f28a6f51404fd1f0b6749691d3ecd611bbe85dbadeda

  • SHA512

    d748a907572227fc6c8a021501af807057c07b8d3f49ab421983527e905774469a2e3900c7aeb04d6f3b02409b4c6d1de35933142f85af8dafc24d45b942b96d

  • SSDEEP

    768:IhF3z8SeZdatwM29a+OMRFbvZeORasLFAbwMY2bZa2BzS9VLQ+lMq1699sV5JhIa:If5ejvM20+OSiknLKsMYeBzpVi69+VWI

Score
10/10

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.124.19:8088

Signatures

  • Metasploit family
  • UPX dump on OEP (original entry point) 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • 227d6ba5c7e955cb0435f28a6f51404fd1f0b6749691d3ecd611bbe85dbadeda
    .exe windows:4 windows x86 arch:x86

  • out.upx
    .exe windows:4 windows x86 arch:x86