metasploit | 1[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1.exe
Size

7KB
MD5

ee8682d01ebe57c72d94f80ddae8b066
SHA1

ddcfc625d34349b4b3d0702681db881edb588b56
SHA256

98ce2f18e0f6c95ce3c3044e081a056297d6d163dfd2115a893af276e7dfdd4c
SHA512

d892fbfe7a4d96454411a1c1a16b6fda97799af3502199d72a1a048bcd322ccbace64c8f99be4e326a824924e2477394af6ea6ae089ed8f5007b878f555a8465
SSDEEP

24:eFGStrJ9u0/6G2InZd0BQAV7Y+WYKLq5eNDMSeXixpmB:is04c0BQD+WYZSD9eS2B

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

198.46.226.84:7777

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1.exe

Files

1.exe
.exe windows:4 windows x64 arch:x64

b4c6fff030479aa3b12625be67bf4914

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
ExitProcess

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wurg
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE