metasploit | 52607c1a315b3bf9131cc32a5ffcf2d94be51901155d324e89c27e129236d82a | Triage

Sharing

General

Target

52607c1a315b3bf9131cc32a5ffcf2d94be51901155d324e89c27e129236d82a
Size

7KB
MD5

f49670a22c1c7e78fd1cebcf555e2fc7
SHA1

1a4895c57e4a6b52034fb7505c2660fa5c160059
SHA256

52607c1a315b3bf9131cc32a5ffcf2d94be51901155d324e89c27e129236d82a
SHA512

0ff456ef6957a345914d55c90baed9b82456330ad79a485580b4acc555653ab7891468897e1595a76dccfca3217afd1e041015f6e8611bd89992f579e555c48d
SSDEEP

96:hjm2fnyktw7rA+n/sPOG7wTLlefnlGr0pMahYS:E2fnp+raPOrTLlmnMaMg

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://154.204.58.234:443/jquery-3.3.1.slim.min.js

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52607c1a315b3bf9131cc32a5ffcf2d94be51901155d324e89c27e129236d82a

Files

52607c1a315b3bf9131cc32a5ffcf2d94be51901155d324e89c27e129236d82a
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\ed9fec85\b90f3d49\App_Web_xgvjhu4q.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ