General
-
Target
198-211-108-182-64.exe
-
Size
7KB
-
MD5
304910197670db7d099919e153987d25
-
SHA1
d8ff49159c4535d08b64f7cc943a42380115492f
-
SHA256
e14b867bb2ec63f082397bcfc26a9896b038c4afd528c3f6a8f206bea035eca6
-
SHA512
4cc1b9950fd1d96cdd85431533c153d3172e1b5496c9ea8cba111b1082c068797024c3eaa34d84bd8730be20f057a242cc8de9a7a6a8660123445234171b887d
-
SSDEEP
24:eFGStrJ9u0/6KInZdkBQAVXx1cYKZqneNDMSCvOXpmB:is0DckBQ++YRSD9C2kB
Malware Config
Extracted
metasploit
metasploit_stager
198.211.108.182:80
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 198-211-108-182-64.exe
Files
-
198-211-108-182-64.exe.exe windows:4 windows x64 arch:x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.iqkb Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE