General
Target: a0ec45e5a2ac6e61515c4e57b096fac59ae78f0849efabad7ab973cd15cbe9b0
Size: 7KB
Sample: 220705-facnaseacp
MD5: dfb14599941880b99894df47efb1f16a
SHA1: 7a825416de64b45bc9e553f6aff9c4ddc098d6db
SHA256: a0ec45e5a2ac6e61515c4e57b096fac59ae78f0849efabad7ab973cd15cbe9b0
SHA512: e909cd980d8d319db04e1c550bf09e9618ba0e5e81b30b9acefec28bb89683eb90349472074bb4c409ac1091e3adcb708b56d5d4a87ad38402aff3b6a7274286
Static task: static1
Behavioral task: behavioral1
Sample: a0ec45e5a2ac6e61515c4e57b096fac59ae78f0849efabad7ab973cd15cbe9b0.vbs
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: a0ec45e5a2ac6e61515c4e57b096fac59ae78f0849efabad7ab973cd15cbe9b0.vbs
Resource: win10v2004-20220414-en
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_tcp
186.95.209.178:4545
Targets
Target: a0ec45e5a2ac6e61515c4e57b096fac59ae78f0849efabad7ab973cd15cbe9b0
Score: 10/10
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.