metasploit | 8dc50fcd6c7ac3e097dda62c67790db1181fb7de8cf475998f17761d87b397a3 | Triage

Sharing

General

Target

8dc50fcd6c7ac3e097dda62c67790db1181fb7de8cf475998f17761d87b397a3
Size

7KB
MD5

c0bdc016e80d89149cbc97315e5d430e
SHA1

3f853df9f25f963f24ed5014e671862011727c98
SHA256

8dc50fcd6c7ac3e097dda62c67790db1181fb7de8cf475998f17761d87b397a3
SHA512

8c26c8af0e398c60c6e222add6ae6058cd80efc2f369da9610b035aaf5566f068a1bbed6e09677687f70b08dbba958f4e42df144919ea63974da33634944efde
SSDEEP

96:kjm2fnykOOE/GZK9aFG7dpZ7wTaleHlGrMpMCTOBS:p2fnqz+QcA7dp+TaleHMSMGd

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://154.204.58.234:443/jquery-3.3.1.slim.min.js

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8dc50fcd6c7ac3e097dda62c67790db1181fb7de8cf475998f17761d87b397a3

Files

8dc50fcd6c7ac3e097dda62c67790db1181fb7de8cf475998f17761d87b397a3
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\f45bc964\47f6fef3\App_Web_agm4q53p.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ