Source: VInxSo1xrN.exe, type: SAMPLE | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
Source: VInxSo1xrN.exe, type: SAMPLE | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
Source: VInxSo1xrN.exe, type: SAMPLE | Matched rule: Windows_Trojan_Metasploit_91bc5d7d | Author: unknown
Source: VInxSo1xrN.exe, type: SAMPLE | Matched rule: Detects Meterpreter stager payload | Author: ditekSHen
Source: 0.2.VInxSo1xrN.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
Source: 0.2.VInxSo1xrN.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
Source: 0.2.VInxSo1xrN.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Metasploit_91bc5d7d | Author: unknown
Source: 0.0.VInxSo1xrN.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
Source: 0.0.VInxSo1xrN.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
Source: 0.0.VInxSo1xrN.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Metasploit_91bc5d7d | Author: unknown
Source: 00000000.00000000.2035464855.0000000140004000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
Source: 00000000.00000000.2035464855.0000000140004000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
Source: 00000000.00000000.2035464855.0000000140004000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Metasploit_91bc5d7d | Author: unknown
Source: 00000000.00000002.3275434407.0000000140004000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identifies the API address lookup function leverage by metasploit shellcode | Author: unknown
Source: 00000000.00000002.3275434407.0000000140004000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | Author: unknown
Source: 00000000.00000002.3275434407.0000000140004000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Metasploit_91bc5d7d | Author: unknown
Source: VInxSo1xrN.exe, type: SAMPLE | Matched rule: Windows_Trojan_Metasploit_7bc0f998 | os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
Source: VInxSo1xrN.exe, type: SAMPLE | Matched rule: Windows_Trojan_Metasploit_c9773203 | os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
Source: VInxSo1xrN.exe, type: SAMPLE | Matched rule: Windows_Trojan_Metasploit_91bc5d7d | reference_sample = 0dd993ff3917dc56ef02324375165f0d66506c5a9b9548eda57c58e041030987, os = windows, severity = x86, creation_date = 2021-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 8848a3de66a25dd98278761a7953f31b7995e48621dec258f3d92bd91a4a3aa3, id = 91bc5d7d-31e3-4c02-82b3-a685194981f3, last_modified = 2021-10-04
Source: VInxSo1xrN.exe, type: SAMPLE | Matched rule: MALWARE_Win_MeterpreterStager | author = ditekSHen, description = Detects Meterpreter stager payload
Source: 0.2.VInxSo1xrN.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Metasploit_7bc0f998 | os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
Source: 0.2.VInxSo1xrN.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Metasploit_c9773203 | os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
Source: 0.2.VInxSo1xrN.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Metasploit_91bc5d7d | reference_sample = 0dd993ff3917dc56ef02324375165f0d66506c5a9b9548eda57c58e041030987, os = windows, severity = x86, creation_date = 2021-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 8848a3de66a25dd98278761a7953f31b7995e48621dec258f3d92bd91a4a3aa3, id = 91bc5d7d-31e3-4c02-82b3-a685194981f3, last_modified = 2021-10-04
Source: 0.0.VInxSo1xrN.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Metasploit_7bc0f998 | os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
Source: 0.0.VInxSo1xrN.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Metasploit_c9773203 | os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
Source: 0.0.VInxSo1xrN.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Metasploit_91bc5d7d | reference_sample = 0dd993ff3917dc56ef02324375165f0d66506c5a9b9548eda57c58e041030987, os = windows, severity = x86, creation_date = 2021-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 8848a3de66a25dd98278761a7953f31b7995e48621dec258f3d92bd91a4a3aa3, id = 91bc5d7d-31e3-4c02-82b3-a685194981f3, last_modified = 2021-10-04
Source: 00000000.00000000.2035464855.0000000140004000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Metasploit_7bc0f998 | os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
Source: 00000000.00000000.2035464855.0000000140004000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Metasploit_c9773203 | os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
Source: 00000000.00000000.2035464855.0000000140004000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Metasploit_91bc5d7d | reference_sample = 0dd993ff3917dc56ef02324375165f0d66506c5a9b9548eda57c58e041030987, os = windows, severity = x86, creation_date = 2021-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 8848a3de66a25dd98278761a7953f31b7995e48621dec258f3d92bd91a4a3aa3, id = 91bc5d7d-31e3-4c02-82b3-a685194981f3, last_modified = 2021-10-04
Source: 00000000.00000002.3275434407.0000000140004000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Metasploit_7bc0f998 | os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
Source: 00000000.00000002.3275434407.0000000140004000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Metasploit_c9773203 | os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
Source: 00000000.00000002.3275434407.0000000140004000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Metasploit_91bc5d7d | reference_sample = 0dd993ff3917dc56ef02324375165f0d66506c5a9b9548eda57c58e041030987, os = windows, severity = x86, creation_date = 2021-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 8848a3de66a25dd98278761a7953f31b7995e48621dec258f3d92bd91a4a3aa3, id = 91bc5d7d-31e3-4c02-82b3-a685194981f3, last_modified = 2021-10-04
Source: Yara match | File source: VInxSo1xrN.exe, type: SAMPLE
Source: Yara match | File source: 0.2.VInxSo1xrN.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.0.VInxSo1xrN.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000000.2035464855.0000000140004000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.3275434407.0000000140004000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY