Behavioral task
behavioral1
Sample
a506b5f164f6a1861a631c0ccde945d0N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
a506b5f164f6a1861a631c0ccde945d0N.exe
Resource
win10v2004-20240709-en
General
-
Target
a506b5f164f6a1861a631c0ccde945d0N.exe
-
Size
7KB
-
MD5
a506b5f164f6a1861a631c0ccde945d0
-
SHA1
1ff584dfa2458b06d0925c8b4cf0820042a769a7
-
SHA256
0a8f8237e0bf7d701e6c47ca30762b74aa83f2167c4561dfd9eef099fa513176
-
SHA512
6347cd7b5678b745a0f11232939c871b0083ed70ae375142f4587131d511dd827f04fc721f6ad0827f1717ce3917ed6bb1f001992861c47598eab3821040f79e
-
SSDEEP
24:eFGStrJ9u0/62PnZdkBQAV2GcaKLq4Lhg0eNDMSCvOXpmB:is0LrkBQ1aYlg0SD9C2kB
Malware Config
Extracted
metasploit
metasploit_stager
192.168.75.136:8899
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a506b5f164f6a1861a631c0ccde945d0N.exe
Files
-
a506b5f164f6a1861a631c0ccde945d0N.exe.exe windows:4 windows x64 arch:x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.cdcv Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE