metasploit | c066ab79e189a38e275894ad1348e64007b9a40de322b673b2bd26da563d43f8 | Triage

Sharing

General

Target

c066ab79e189a38e275894ad1348e64007b9a40de322b673b2bd26da563d43f8
Size

7KB
MD5

eb051f893f442fca59fa0a6fe50a8e4d
SHA1

94f8c47865582c20b53f3c08e09da9fbece051b8
SHA256

c066ab79e189a38e275894ad1348e64007b9a40de322b673b2bd26da563d43f8
SHA512

c1a092857fcc758dc3912a01e8139f162a886ce36986bf148bfff743e2b9aae803474b0ceb83952ab6efd0306779a751def407601a63b7ebcff5b7b65116e3dd
SSDEEP

96:/xE858VTboAOWtYZpzuavcrYzwpLezKA+lGppXisZNzY:/xkoAOOSp/vcrJpLezKxMDX73Y

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

103.246.113.33:1433

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c066ab79e189a38e275894ad1348e64007b9a40de322b673b2bd26da563d43f8

Files

c066ab79e189a38e275894ad1348e64007b9a40de322b673b2bd26da563d43f8
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\3a31aaac\469600de\App_Web_143364.aspx.cdcab7d2.1nd5ctze.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ