metasploit | 8c3a14eb405fa4acbbe7a79ef9a2f0432734487b0cca0cd9aaf7bb7d91905a9cN | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c3a14eb405fa4acbbe7a79ef9a2f0432734487b0cca0cd9aaf7bb7d91905a9cN
Size

8KB
MD5

1202bf2d768d72b9e1343f0e65c72f70
SHA1

96723863971d3ebad7d35499a6edf7b02194bb44
SHA256

8c3a14eb405fa4acbbe7a79ef9a2f0432734487b0cca0cd9aaf7bb7d91905a9c
SHA512

5c1897fa103fb0ed95bbe86038673e6dc07ef29f79260d76730bd162aac64e54485adf4038fa667c028799d2b260b071578928449ed35d2b336ab884759f8b17
SSDEEP

48:qD+6O5aXsn+h1h8AjaGGHR+WYrsSD9C2Z1fbkL:GXiR+PrL5F14L

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.202.193:21

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c3a14eb405fa4acbbe7a79ef9a2f0432734487b0cca0cd9aaf7bb7d91905a9cN

Files

8c3a14eb405fa4acbbe7a79ef9a2f0432734487b0cca0cd9aaf7bb7d91905a9cN
.dll windows:6 windows x64 arch:x64

57d6e7112c8e716cfe2eb0ff9f36763c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ReleaseSemaphore
WaitForSingleObject
CreateEventA
OpenEventA
ExitThread
ResumeThread
CreateProcessA
GetThreadContext
SetThreadContext
VirtualAllocEx
WriteProcessMemory
CreateSemaphoreA

Sections

.text
Size: 1024B - Virtual size: 919B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ