Behavioral task
behavioral1
Sample
8b5f536d893e669c3f3fc0ae40057d86640ed851366610682bd882de56bce121N.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
8b5f536d893e669c3f3fc0ae40057d86640ed851366610682bd882de56bce121N.exe
Resource
win10v2004-20241007-en
General
-
Target
8b5f536d893e669c3f3fc0ae40057d86640ed851366610682bd882de56bce121N.exe
-
Size
7KB
-
MD5
c3ca14080019308fa6d1ecb63c8a2a40
-
SHA1
9facf914ad3205032cca3a57f887861a2c580e68
-
SHA256
8b5f536d893e669c3f3fc0ae40057d86640ed851366610682bd882de56bce121
-
SHA512
aeba1bb2c958c663d88ab7b844883b2e13435ad0ebc6278a5b06965f43af6d636e80030329a760ddc0de88ecfa7705cf053577dce2e0a7d0fbe77946128ae3e2
-
SSDEEP
24:eFGStrJ9u0/6LoEnZdkBQAVv1YjuKZqNeNDMSCvOXpmB:is0cookBQYqKrSD9C2kB
Malware Config
Extracted
metasploit
metasploit_stager
192.168.137.36:9999
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8b5f536d893e669c3f3fc0ae40057d86640ed851366610682bd882de56bce121N.exe
Files
-
8b5f536d893e669c3f3fc0ae40057d86640ed851366610682bd882de56bce121N.exe.exe windows:4 windows x64 arch:x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vxfe Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE