metasploit | 6c87938c8b25165f5e03f1a5ef36d3a7ba5a5fe32670ca819d52ebfd39eb21ea[.]exe | Triage

Sharing

General

Target

6c87938c8b25165f5e03f1a5ef36d3a7ba5a5fe32670ca819d52ebfd39eb21ea.exe
Size

9KB
MD5

268ae1fb7d22920ce3c20242d93ac271
SHA1

01be997ffe78f676bbd183dabafef2051862b633
SHA256

6c87938c8b25165f5e03f1a5ef36d3a7ba5a5fe32670ca819d52ebfd39eb21ea
SHA512

d312bab1705d2a3c9c685cd63060efb36ad35b6c5eb53e2f135e61006e03dc86ef0517f03842d2b2dc6168a6d805de67541f6101b966b7c38c6adcc411b12f76
SSDEEP

48:q0r+l6O5aXyn/hNhx4/jC/VGt+hGSD9eSrzb0E:dX0kt+hJ5eS

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

139.59.198.47:3566

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c87938c8b25165f5e03f1a5ef36d3a7ba5a5fe32670ca819d52ebfd39eb21ea.exe

Files

6c87938c8b25165f5e03f1a5ef36d3a7ba5a5fe32670ca819d52ebfd39eb21ea.exe
.dll windows:6 windows x64 arch:x64

57d6e7112c8e716cfe2eb0ff9f36763c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ReleaseSemaphore
WaitForSingleObject
CreateEventA
OpenEventA
ExitThread
ResumeThread
CreateProcessA
GetThreadContext
SetThreadContext
VirtualAllocEx
WriteProcessMemory
CreateSemaphoreA

Sections

.text
Size: 1024B - Virtual size: 919B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ