metasploit | d308ba94a07f82a2ff7288ace41d4c70N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d308ba94a07f82a2ff7288ace41d4c70N.exe
Size

8KB
MD5

d308ba94a07f82a2ff7288ace41d4c70
SHA1

cca0d2b5e16bb358b1003006fc27a3b54a02d8d5
SHA256

95ae06e0cda785be2cb4d26784266f7698cf5f5d5380ad992ffe59fceb51316a
SHA512

f37a23ac145614388a839940f102c9b5cc30b94080362ea25c9721bdbbc48d5d7381fb2cc95f570cc2f5250581d01f740625cd2a2471474cb097eafed1e5c891
SSDEEP

48:id+P3zSSxPIux486DhFhklWqJ1ATdF88jxJ1C7ff:QvSx335JORFVJC

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

109.196.166.4:4412

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d308ba94a07f82a2ff7288ace41d4c70N.exe

Files

d308ba94a07f82a2ff7288ace41d4c70N.exe
.dll windows:6 windows x86 arch:x86

57d6e7112c8e716cfe2eb0ff9f36763c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ReleaseSemaphore
WaitForSingleObject
CreateEventA
OpenEventA
ExitThread
ResumeThread
CreateProcessA
GetThreadContext
SetThreadContext
VirtualAllocEx
WriteProcessMemory
CreateSemaphoreA

Sections

.text
Size: 1024B - Virtual size: 613B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ