metasploit | s2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

s2
Size

124KB
MD5

32bca63e32bfa7abf23e77edd30478d6
SHA1

57beba1d54428d559fd3ed8d258a691990cd0245
SHA256

c6b4471618c370d9216fc3632dc258ad460471e2385ded2f2929133e9b1e67ab
SHA512

3a0f987a78316728da4ee30ea307919a2b73c9b85c0cbe24e179f4c6bb6255d89fc056f1d3f9f56bd6ff6ad40e22521fc581f08630a8759bed9cc3892c81b553
SSDEEP

24:eFGStrJ9u0/6HVnZd0BQAV23WOxxYKLq3eNDMSCLbgOWpmB:is06V0BQrxxYXSD9CLxZB

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

1.14.247.162:40001

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
s2

Files

s2
.exe windows:4 windows x64 arch:x64

b4c6fff030479aa3b12625be67bf4914

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
ExitProcess

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.euwc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE