metasploit

General

Target

504d61c9447282fbaf2800bdea63874a94550774950f46090e4ef6b91389c6fd
Size

3KB
Sample

241205-vphkeszmgr
MD5

db8b68a8bc6ce9148832ed16734973a4
SHA1

057cf165f26deb25031c723e378c04ab26a1eed7
SHA256

504d61c9447282fbaf2800bdea63874a94550774950f46090e4ef6b91389c6fd
SHA512

88d7a4a5557f3d325842b09aafeaf26b0ea8dae48e05740abf11157635d282b469f285ba4c5aa0adfa4a2692516b465e324d17976d4491a8690480676546981f

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://89.197.154.116:7810/GHCSKLHA62xAo0GiJ65tlwmFvMO6tQNKeTswMuKxpybsim_N2RnNTId_j8dnBmA9vnYOyNR6EU7eXYS6AY-Rox46MWUiLVByUmCfxHjNCsvWTIsFuGs9e3XKhc2dJ6Jls10lHzhDwU0eh84XVkCbmUwBJfgF33CNXlpD8tpFnQKUyLbbyQTF_Cn32t6uqwBi89JgBGKEY_FfUBSCI4FljPsd9uXGcHm2BThT

Targets

- Target
  
  Transfer-https.vbs
- Size
  
  7KB
- MD5
  
  e2f4a3c6e7570b4424089b24b059c9d0
- SHA1
  
  19c12a30f1cde384d948d32d1efa6f8a541e2a60
- SHA256
  
  44fd76bed4f91723940931c035a1e92f7d26d7c94dabd15f2e4a8db4f6e48273
- SHA512
  
  646e2cd0517745c4b36a3178edd8f48fe46eb29a2053d83f6beb61d9e5205cc97d1a7f9a65ea0190044b87b1275d998779025d7ede2253b455782d5e40e8c0f8
- SSDEEP
  
  96:ZGze5ePQfJEgaGscxriEto+TE9sfQcHOB7uczr05LaGejhVPPCyCsB3fD+r2:UzezgfEtoRGocHOBDzr05KbPKyNBG2
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2