General
-
Target
198-211-108-187-64.exe
-
Size
7KB
-
MD5
aadec3a174e9230a3be5c7686a9d4776
-
SHA1
f7744c61bc9bcc5f642f9338bde063f3ac9cedab
-
SHA256
64bc49cc62b6f011d55a0c9da89d6795cf12952877b54e391ec973947b3f5c79
-
SHA512
8e158c23ca53011e8d8c5f196fce9ac75b541c9ef7699723671d0ecc05a37a8913bda858bc9dc6a1079a2a3851e2486ce942a596d228fa8ec5b6b9b7c737fc70
-
SSDEEP
24:eFGStrJ9u0/6zoNnZdkBQAVXx1cNYKZq4eNDMSCvOXpmB:is0EoNkBQ++2ySD9C2kB
Malware Config
Extracted
metasploit
metasploit_stager
198.211.108.187:80
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 198-211-108-187-64.exe
Files
-
198-211-108-187-64.exe.exe windows:4 windows x64 arch:x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tccb Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE