metasploit

General

Target

urus.vbs
Size

7KB
Sample

241115-w5bbqasrbp
MD5

25de5fe745e57db4651b5f94e304bdfa
SHA1

4d9fa4d21d15cc0c03d854231bd70d282372bf8f
SHA256

407e0c29afa9d348ae940f3af63265c1625c48e9a721db9e8ebf152896747188
SHA512

dd493fbb8ad07334c5f7c2b747a7bceedb57ecdf09fbddb9be1f3aab507647df1ee4a5fad5b8092ba62cb20ec6545336eda0a80eff0e6f1cc9eefe8d71a56406
SSDEEP

96:0aEGrT5eQzzLjhYiHsE6lH1CHeWO8gjRNtjOY8GmT:fE2TV/5YiRgHaeN8gjv7mT

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://89.197.154.116:7810/INxqeV8X2ONsfm1_CojSGwEEM-uE3ldkjmKzAbS4SGewjwSXxNxPVpqjwbZdrPAArvIZkTRvbOjtehX19ggnBeY1pNXSPhdbMzp3rdTENnhsi52l_V9ANGsqF3TrNhOCkNDFy-_D_MRDdn8yVErWpL0WUtCGus_SL4JNOJ0f6

Targets

- Target
  
  urus.vbs
- Size
  
  7KB
- MD5
  
  25de5fe745e57db4651b5f94e304bdfa
- SHA1
  
  4d9fa4d21d15cc0c03d854231bd70d282372bf8f
- SHA256
  
  407e0c29afa9d348ae940f3af63265c1625c48e9a721db9e8ebf152896747188
- SHA512
  
  dd493fbb8ad07334c5f7c2b747a7bceedb57ecdf09fbddb9be1f3aab507647df1ee4a5fad5b8092ba62cb20ec6545336eda0a80eff0e6f1cc9eefe8d71a56406
- SSDEEP
  
  96:0aEGrT5eQzzLjhYiHsE6lH1CHeWO8gjRNtjOY8GmT:fE2TV/5YiRgHaeN8gjv7mT
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2