General
- Target: 2e9e9961eb260b6910fcf2f4f4e50a3e_NEAS.exe
- Size: 82KB
- Sample: 240506-vkac9aah8x
- MD5: 2e9e9961eb260b6910fcf2f4f4e50a3e
- SHA1: b21cd698b155a3c7529dbc7eee3ac6542b2e6ceb
- SHA256: dba57628a913cb0f0f0afd0f620f16dd4effad4f9e04a4375803dc42d34ff916
- SHA512: 0ed1c8eb9bb67dcac2da31c48060e6ba57600298f4df43e3550c279cbedad45cc4c3ba1d28f0ab20ac2e520d23b8f2694afd01012691769fd4464543c4a1b990
- SSDEEP: 1536:lYJkwfzL4hWgqlo3RJ7t1V3QMc9vR7KTDYpPpJDeyk:6fzL44gqlaJB33MPKnaJDeyk
Static task: static1
Behavioral task: behavioral1
- Sample: 2e9e9961eb260b6910fcf2f4f4e50a3e_NEAS.exe
- Resource: win7-20240221-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Extracted: metasploit
- Payload: windows/download_exec
- URL: http://cs.bihuo.cn:111/R4mi
- Headers: User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)
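The extracted configuration above is the most actionable part of the report: a Sality URL list, a Metasploit download_exec stager URL and the User-Agent it sends. The script below is an added example, not part of the sandbox report or of any tool it names. It turns those values into three offline checks: comparing a file's hashes against the sample's hashes, tagging proxy log lines that reach the listed hosts or carry the listed User-Agent, and computing the 8-bit URI checksum that Metasploit HTTP stagers use (the path "R4mi" sums to 92, the URI_CHECKSUM_INITW value for Windows stage requests). The tab-separated proxy log lines are constructed for the example; the constructed file bytes deliberately do not match the sample.

```python
"""Added example: checks derived from the Sality / Metasploit config in the report above."""
import hashlib
from urllib.parse import urlparse

# Values copied from the sandbox report.
SAMPLE_HASHES = {
    "md5": "2e9e9961eb260b6910fcf2f4f4e50a3e",
    "sha1": "b21cd698b155a3c7529dbc7eee3ac6542b2e6ceb",
    "sha256": "dba57628a913cb0f0f0afd0f620f16dd4effad4f9e04a4375803dc42d34ff916",
}
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]
METASPLOIT_URL = "http://cs.bihuo.cn:111/R4mi"
METASPLOIT_UA = ("Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; "
                 "Trident/6.0; MAARJS)")

# Metasploit HTTP stager URI checksum for Windows stage requests
# (Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITW).
URI_CHECKSUM_INITW = 92

# Constructed proxy log lines (client<TAB>method<TAB>url<TAB>user-agent); not real traffic.
SAMPLE_LOG = [
    "10.1.2.3\tGET\thttp://kukutrustnet777.info/home.gif\tMozilla/4.0 (compatible; MSIE 6.0)",
    "10.1.2.4\tGET\thttp://cs.bihuo.cn:111/R4mi\t" + METASPLOIT_UA,
    "10.1.2.5\tGET\thttp://www.example.com/index.html\tMozilla/5.0",
]


def checksum8(segment: str) -> int:
    """Sum of the ASCII bytes of a URI segment modulo 256, as Metasploit computes it."""
    return sum(segment.encode("ascii")) % 256


def sality_hosts() -> set:
    return {urlparse(u).hostname for u in SALITY_URLS}


def c2_hosts() -> set:
    """Every host named in either extracted config."""
    return sality_hosts() | {urlparse(METASPLOIT_URL).hostname}


def hash_bytes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every listed digest of `data` equals the report's value."""
    return hash_bytes(data) == SAMPLE_HASHES


def classify_proxy_line(line: str) -> list:
    """Return the sorted IOC tags that fire for one constructed proxy log line."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 4:
        return []
    _client, _method, url, user_agent = fields
    parsed = urlparse(url)
    tags = set()
    if parsed.hostname in sality_hosts():
        tags.add("sality_c2")
    if parsed.hostname == urlparse(METASPLOIT_URL).hostname:
        tags.add("metasploit_c2")
    if user_agent == METASPLOIT_UA:
        tags.add("metasploit_user_agent")
    # Checksum the last path segment, the part Metasploit checksums when staging.
    last_segment = parsed.path.rsplit("/", 1)[-1]
    if last_segment and checksum8(last_segment) == URI_CHECKSUM_INITW:
        tags.add("stager_uri_checksum")
    return sorted(tags)


if __name__ == "__main__":
    print("checksum8('R4mi') =", checksum8("R4mi"))
    for entry in SAMPLE_LOG:
        print(classify_proxy_line(entry), entry.split("\t")[2])
    print("constructed bytes match sample:",
          matches_sample(b"MZ\x90\x00 constructed test bytes, not the sample"))
```

A checksum hit on its own is weak evidence: a random path segment sums to 92 about one time in 256, so treat "stager_uri_checksum" as a pivot to combine with the host or User-Agent tags, not as a standalone alert. The hash comparison requires all three digests to agree, so a partial match (for example a colliding MD5) does not count.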
Targets
- Target: 2e9e9961eb260b6910fcf2f4f4e50a3e_NEAS.exe (82KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies firewall policy service
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (the number in parentheses is the report's hit count for that tactic, technique or sub-technique)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control, T1548.002 (1)
- Create or Modify System Process (1): Windows Service, T1543.003 (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control, T1548.002 (1)
- Impair Defenses (3): Disable or Modify Tools, T1562.001 (3)
- Modify Registry, T1112 (5)