metasploit | 170acead7ffdc29b648cd34305e6c02f45cfbab023dddc8d8118a48867a65518 | Triage

Sharing

General

Target

170acead7ffdc29b648cd34305e6c02f45cfbab023dddc8d8118a48867a65518
Size

7KB
MD5

8c6811ade7b1dc01f21ecedb2c7ab434
SHA1

1639d4a4168c9b0bcbfd53107e010f1cd4d7c4e5
SHA256

170acead7ffdc29b648cd34305e6c02f45cfbab023dddc8d8118a48867a65518
SHA512

9f4ec1a06a93470d26bce635b7e09348d2195776eb624f4fd23337f76c35eaa5b1e11950c84df1a7be3dc3bb28f8ae6d9dd0861dd9ff4afdac7e5c1dd77b8df5
SSDEEP

96:2jm2fnyktw7rA+n/sdO07wTLlkOlGr0pMRwWmSj:L2fnp+radOJTLlkOMaMXrj

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://154.204.58.234:443/jquery-3.3.1.slim.min.js

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
170acead7ffdc29b648cd34305e6c02f45cfbab023dddc8d8118a48867a65518

Files

170acead7ffdc29b648cd34305e6c02f45cfbab023dddc8d8118a48867a65518
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\ed9fec85\b90f3d49\App_Web_eemydigx.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ