metasploit | 9cf3fc2cae0c1f083321ad11576a83d4209a2db0a525763eeeb223c369e7da1bN | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9cf3fc2cae0c1f083321ad11576a83d4209a2db0a525763eeeb223c369e7da1bN
Size

15KB
MD5

267a96061366dac5774e2b7498e0dab0
SHA1

866ad1ae0411b0e580597853e6197bf8a7f148b4
SHA256

9cf3fc2cae0c1f083321ad11576a83d4209a2db0a525763eeeb223c369e7da1b
SHA512

ab887fdd5ab2005979b13221551bd07ae671b9c9273be8dbb013a3b2530ad6535e989ddd81ac0aa2923765d49ece1d32a1958f8d87b6094239f25e24a700715e
SSDEEP

96:nnYBxbTmBBjkcfrAlhNHc2BywoAJPQYi3K1DntAfdomPdHWsyzUpQw7b:n+bTQBk4Alh9pBpbtQYQK5YouI1Ub7b

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

10.0.129.128:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9cf3fc2cae0c1f083321ad11576a83d4209a2db0a525763eeeb223c369e7da1bN

Files

9cf3fc2cae0c1f083321ad11576a83d4209a2db0a525763eeeb223c369e7da1bN
.exe windows:4 windows x86 arch:x86

b093b9b6223af7f9e72d34d8765aa77f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

kernel32

CloseHandle
CreateProcessA
ExitProcess
GetThreadContext
ResumeThread
SetThreadContext
VirtualAllocEx
WriteProcessMemory

msvcrt

memset

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE