metasploit | NEAS[.]b3c77a98a85e7076f9345090685f5b20[.]exe

General

Target

NEAS.b3c77a98a85e7076f9345090685f5b20.exe
Size

5.8MB
MD5

b3c77a98a85e7076f9345090685f5b20
SHA1

ea5cc1a249ca6b90d1d7a561ddfa792f101e3220
SHA256

0d16480ae7348bc29a718298b290e5ff25d0a3ddca5061cfc1283819edd875ac
SHA512

1d5dfc44e0cab914aa59dce048d180e06bb6919b02c84757a10688d383f28f11d97f93354df906f6416b8e3b7d072a21d2abe51dccc909f7514d1a7ad9a120aa
SSDEEP

98304:0gBOLscYr9NrQO6lSdAd7qvlyBhbUhrZsTY3ycd8izlxGhzAqK44YzXp2juHsNGz:dOoc+dQO6+Ad7qdriTYlfzlIhMS2KHAu

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

metasploit_stager

C2

146.220.185.23:2284

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b3c77a98a85e7076f9345090685f5b20.exe

Files

NEAS.b3c77a98a85e7076f9345090685f5b20.exe
.exe windows:4 windows x86

87bed5a7cba00c7e1f4015f1bdae2183

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 18.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 762B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 539KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

87bed5a7cba00c7e1f4015f1bdae2183

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 10KB - Virtual size: 10KB

.itext Size: - Virtual size: 18.4MB

.rdata Size: 1024B - Virtual size: 762B

.data Size: 5.2MB - Virtual size: 5.2MB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 1024B - Virtual size: 768B

.text Size: 539KB - Virtual size: 538KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 10KB - Virtual size: 10KB

.itext
Size: - Virtual size: 18.4MB

.rdata
Size: 1024B - Virtual size: 762B

.data
Size: 5.2MB - Virtual size: 5.2MB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 1024B - Virtual size: 768B

.text
Size: 539KB - Virtual size: 538KB

.rsrc
Size: 18KB - Virtual size: 18KB