metasploit | f83bee2e9d7c8ead88c3d0b761339bfa232e14803608a17e60582516e6559ae0[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f83bee2e9d7c8ead88c3d0b761339bfa232e14803608a17e60582516e6559ae0.dll
Size

8KB
MD5

d5f8785aedca631c7c8e123dc0e6e35f
SHA1

b1e6ad90352e7d170f3f2d7f3dba3691b8ac9884
SHA256

f83bee2e9d7c8ead88c3d0b761339bfa232e14803608a17e60582516e6559ae0
SHA512

06a9cb9d0690836b8767d848384cc2a994e65da13404a354220e0f7683821babb6647a848a0a5a49cc528721bb1ffcba9d51eae3b5ef9feceeb5ca6e631ed842
SSDEEP

48:qUr3zU9G4aNVhnX5hthMt6dO28xZMEvCHPAPb:+DIibzs

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://89.197.154.116:7810/r0YP8_HZj6Xh9eD0h471LAg3P8LpTQjBwuoVU2_qOmLbrRhD7dzVzwh4X1zqWkGpdfKoeGcDyWqM5Vj7W_USDDh

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f83bee2e9d7c8ead88c3d0b761339bfa232e14803608a17e60582516e6559ae0.dll

Files

f83bee2e9d7c8ead88c3d0b761339bfa232e14803608a17e60582516e6559ae0.dll
.dll windows:6 windows x86 arch:x86

57d6e7112c8e716cfe2eb0ff9f36763c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ReleaseSemaphore
WaitForSingleObject
CreateEventA
OpenEventA
ExitThread
ResumeThread
CreateProcessA
GetThreadContext
SetThreadContext
VirtualAllocEx
WriteProcessMemory
CreateSemaphoreA

Sections

.text
Size: 1024B - Virtual size: 661B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ