Behavioral task
behavioral1
Sample
ubuntu4444.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ubuntu4444.exe
Resource
win10v2004-20240412-en
General
-
Target
ubuntu4444.exe
-
Size
7KB
-
MD5
bff8cf486fa72c4c20743df8339753c7
-
SHA1
9bf03fe9b66a083d7389d08eac7fe5d361cfb12e
-
SHA256
b64ded9cedd9f5b0f0b9f886996f3d09502f73a7b52d24a922185cdbb995f424
-
SHA512
9dbd990294a50e18abfa544b42bb60fdf6178649a6b38814295a4e36248cb2eedc6ab95364c7ba57c4527a69ea764aca532987101450cd09cc234b4c8d92bbff
-
SSDEEP
24:eFGStrJ9u0/6U2SnZdkBQAVAWbKLq32eNDMSCvOXpmB:is06qkBQcmSD9C2kB
Malware Config
Extracted
metasploit
metasploit_stager
172.234.107.156:4444
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource ubuntu4444.exe
Files
-
ubuntu4444.exe.exe windows:4 windows x64 arch:x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.jvbq Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE