metasploit | tv2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tv2.exe
Size

7KB
MD5

108f1fb53a61d46e8df4331ed0724c9d
SHA1

512d4739314c1f019e57897a1e5176488a7fa929
SHA256

dd748e04276a2d77490012f8373d8b6be0baa76140c9c3b649f43caec20c919a
SHA512

5391cf3c505edb537f0890f19f82470346c40afcee6ac5858bdc75ec416ff82ec0150f970fe53d6288979245ffa0843261484b9882e498009b67c5138889dc97
SSDEEP

24:eFGStrJ9u0/67BnZdkBQAVWWcfwKZqweNDMSCvOXpmB:is0CRkBQxoOSD9C2kB

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

191.232.181.180:443

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tv2.exe

Files

tv2.exe
.exe windows:4 windows x64 arch:x64

b4c6fff030479aa3b12625be67bf4914

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
ExitProcess

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.suxx
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE