Overview

overview

10

Static

static

a0ec45e5a2...b0.vbs

windows7_x64

10

a0ec45e5a2...b0.vbs

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a0ec45e5a2ac6e61515c4e57b096fac59ae78f0849efabad7ab973cd15cbe9b0

  • Size

    7KB

  • Sample

    220705-facnaseacp

  • MD5

    dfb14599941880b99894df47efb1f16a

  • SHA1

    7a825416de64b45bc9e553f6aff9c4ddc098d6db

  • SHA256

    a0ec45e5a2ac6e61515c4e57b096fac59ae78f0849efabad7ab973cd15cbe9b0

  • SHA512

    e909cd980d8d319db04e1c550bf09e9618ba0e5e81b30b9acefec28bb89683eb90349472074bb4c409ac1091e3adcb708b56d5d4a87ad38402aff3b6a7274286

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

186.95.209.178:4545

Targets

    • Target

      a0ec45e5a2ac6e61515c4e57b096fac59ae78f0849efabad7ab973cd15cbe9b0

    • Size

      7KB

    • MD5

      dfb14599941880b99894df47efb1f16a

    • SHA1

      7a825416de64b45bc9e553f6aff9c4ddc098d6db

    • SHA256

      a0ec45e5a2ac6e61515c4e57b096fac59ae78f0849efabad7ab973cd15cbe9b0

    • SHA512

      e909cd980d8d319db04e1c550bf09e9618ba0e5e81b30b9acefec28bb89683eb90349472074bb4c409ac1091e3adcb708b56d5d4a87ad38402aff3b6a7274286

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks