metasploit | 30c042b59ae0dc8f1d31d277e2408c0ea102eaf72093d022dbe5e19e4233abb4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30c042b59ae0dc8f1d31d277e2408c0ea102eaf72093d022dbe5e19e4233abb4
Size

9KB
MD5

0153b9be83439fbfd0dd98462e934d3c
SHA1

b054cc440d1932018f7b1c7b1eaf630504563ead
SHA256

30c042b59ae0dc8f1d31d277e2408c0ea102eaf72093d022dbe5e19e4233abb4
SHA512

9b2d8d9f02a2af1a9c3b72ab88598d159bdff87b130499a64bfa247fa38c2f77ff33f7e8e497a4977b28d8318dda4effabb0caf9e2f34b1c76aeeec2da7c481a
SSDEEP

48:q0r+l6O5aXyn/hNhx4/jC/VYh0ySD9C2URb0E:dX0iWl5

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.137.136:5000

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30c042b59ae0dc8f1d31d277e2408c0ea102eaf72093d022dbe5e19e4233abb4

Files

30c042b59ae0dc8f1d31d277e2408c0ea102eaf72093d022dbe5e19e4233abb4
.dll windows:6 windows x64 arch:x64

57d6e7112c8e716cfe2eb0ff9f36763c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ReleaseSemaphore
WaitForSingleObject
CreateEventA
OpenEventA
ExitThread
ResumeThread
CreateProcessA
GetThreadContext
SetThreadContext
VirtualAllocEx
WriteProcessMemory
CreateSemaphoreA

Sections

.text
Size: 1024B - Virtual size: 919B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ