Resubmissions

02/10/2024, 18:59

241002-xncc5avfne 10

02/10/2024, 18:59

241002-xm42ravfmf 10

02/10/2024, 18:58

241002-xmvhba1gmq 10

02/10/2024, 18:56

241002-xlq4haveqb 10

General

  • Target

    USB.zip

  • Size

    119KB

  • MD5

    4567d97fb9341d0a12b2e37be42225c4

  • SHA1

    9cb3ae7aec511d927b8eb905239b4738c4ea7f16

  • SHA256

    fe8ffa995b64fd39d0eb9ddf6a1ab68317c3f23d1dc072af75eb5c976f0fbe0a

  • SHA512

    3c9657dd14d86ba5d2f3af1a57b7b05698f9c0c711d89748f1c7956fe3d8023ba85ef930a94bd7f785d6e8e201c7be7b442e8478e76b7590f648e8167b8aa4ee

  • SSDEEP

    3072:Q1jN1XS6OtCXR/XM65vyw0I0q7nKoZ7429kJuY1m6chx:Q1jNRS6OtCXe65vywgqS1m5hx

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_tcp

  • C2

    119.63.21.54:4567

Signatures

  • Metasploit family
  • PDF contains JavaScript

    Detects presence of JavaScript in PDF files.

  • PDF contains one or more embedded files

    Detects presence of embedded files in PDF files.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • USB.zip
    .zip

    Password: infected

  • USB/autorun/README.pdf
    .pdf

    Password: infected

  • README.pdf
    .exe windows:4 windows x86 arch:x86

    Password: infected

    481f47bbb2c9c21e108d65f52b04c448



  • USB/autorun/autorun.inf