General
-
Target
Macro.vbs
-
Size
7KB
-
Sample
240922-mg2pbsvcqh
-
MD5
69afce0d871fbb27c821c9c1a4767f2a
-
SHA1
cdc01081e7166553a794249a0a1ddbbc954556b8
-
SHA256
5fb73c68d5cafbb6899fa156aa1cbb57e54e00a88aeb3eb670ca97fd102e7232
-
SHA512
d2168ba0d089f06ce27631858f364bd9e4c5844e040bd9b04f17c787b5518fca8727410a2e1dbdd843961c3ed3a723685b97a36fe7c837ed1e0dd0cb7aeedf40
-
SSDEEP
96:30WZ95e7mwwM8ZzBNy23QD4FjsSfK/ehKdhKLTTBor3Hsj260auGOg:VZ90m1MqQEFjxf0cyKLx8gN9uG1
Static task
static1
Behavioral task
behavioral1
Sample
Macro.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Macro.vbs
Resource
win10v2004-20240910-en
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_http
http://89.197.154.116:7810/jS5PuYLAgMaqgKuBzGjWdQTVEi-GQrM2B4_HTHXdAE2aRnCnqvVP05HBAODR9DRAs6omOzZ6R5twhmlyIB9o80OX2vreTG_JlWV9tvNFAnlCt3DkvjTIgBW9f1LobBmBTiPk_POSLxJ-BNuxWldFmWo_C8JPpkugBdjv3iK3
Targets
-
-
Target
Macro.vbs
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-