metasploit

General

Target

Transfer-https.vbs
Size

7KB
Sample

241121-r6t31asqgv
MD5

e2f4a3c6e7570b4424089b24b059c9d0
SHA1

19c12a30f1cde384d948d32d1efa6f8a541e2a60
SHA256

44fd76bed4f91723940931c035a1e92f7d26d7c94dabd15f2e4a8db4f6e48273
SHA512

646e2cd0517745c4b36a3178edd8f48fe46eb29a2053d83f6beb61d9e5205cc97d1a7f9a65ea0190044b87b1275d998779025d7ede2253b455782d5e40e8c0f8
SSDEEP

96:ZGze5ePQfJEgaGscxriEto+TE9sfQcHOB7uczr05LaGejhVPPCyCsB3fD+r2:UzezgfEtoRGocHOBDzr05KbPKyNBG2

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://89.197.154.116:7810/GHCSKLHA62xAo0GiJ65tlwmFvMO6tQNKeTswMuKxpybsim_N2RnNTId_j8dnBmA9vnYOyNR6EU7eXYS6AY-Rox46MWUiLVByUmCfxHjNCsvWTIsFuGs9e3XKhc2dJ6Jls10lHzhDwU0eh84XVkCbmUwBJfgF33CNXlpD8tpFnQKUyLbbyQTF_Cn32t6uqwBi89JgBGKEY_FfUBSCI4FljPsd9uXGcHm2BThT

Targets

- Target
  
  Transfer-https.vbs
- Size
  
  7KB
- MD5
  
  e2f4a3c6e7570b4424089b24b059c9d0
- SHA1
  
  19c12a30f1cde384d948d32d1efa6f8a541e2a60
- SHA256
  
  44fd76bed4f91723940931c035a1e92f7d26d7c94dabd15f2e4a8db4f6e48273
- SHA512
  
  646e2cd0517745c4b36a3178edd8f48fe46eb29a2053d83f6beb61d9e5205cc97d1a7f9a65ea0190044b87b1275d998779025d7ede2253b455782d5e40e8c0f8
- SSDEEP
  
  96:ZGze5ePQfJEgaGscxriEto+TE9sfQcHOB7uczr05LaGejhVPPCyCsB3fD+r2:UzezgfEtoRGocHOBDzr05KbPKyNBG2
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2