metasploit | c0074648e33e0a44464c9369e8479e657b2741d54a8f7d65c2c6b7e7691cce3a | Triage

Sharing

General

Target

c0074648e33e0a44464c9369e8479e657b2741d54a8f7d65c2c6b7e7691cce3a
Size

40KB
MD5

073da70073682e6ac837c22c4f818fa8
SHA1

c19a619c5ca833350d07989175e46cd7d3d39aa0
SHA256

c0074648e33e0a44464c9369e8479e657b2741d54a8f7d65c2c6b7e7691cce3a
SHA512

20dc3f9175ee05c3d3434e79226056a7eaac4cb474f307dbc9fa226ea72a73c009b4d0759bd40d8dc642ff01c958fad4fd6ef5418385b426edaaa106469a8e84
SSDEEP

768:Yvjva769rr4OT8ZK0zakVLdFttqGVTiq+27ias:YvO6h4O8H7hJ7ias

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://154.204.58.234:443/jquery-3.3.1.slim.min.js

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0074648e33e0a44464c9369e8479e657b2741d54a8f7d65c2c6b7e7691cce3a

Files

c0074648e33e0a44464c9369e8479e657b2741d54a8f7d65c2c6b7e7691cce3a
.dll .js windows:4 windows x86 arch:x86 polyglot

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\76370b86\4e1c9621\App_Web_hcsignyu.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ