General
-
Target
d35d291773c38a13aabc7ab1a38bbd91.vbs
-
Size
7KB
-
Sample
241206-km65wsvmfl
-
MD5
d35d291773c38a13aabc7ab1a38bbd91
-
SHA1
c5feca9e998f22ba4fe119816c468da30a83b935
-
SHA256
a5a9aaf3641c4243d3812d6fa638fec21ee2a81acc5845778760f1c3827b5c18
-
SHA512
74ac31a2affc0416b0927b32504eef4ea51db143f1a17d0c574aff74c9d10fca92f7df52bcd043acb0f68da174d0f8b5c1b1ae076a141ff82a891c651e59b671
-
SSDEEP
192:5JskGMOU0d02GNChlRD2YtYDdnlpzg/BzP:RGM9e02ECB2YWrpsZzP
Static task
static1
Behavioral task
behavioral1
Sample
d35d291773c38a13aabc7ab1a38bbd91.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d35d291773c38a13aabc7ab1a38bbd91.vbs
Resource
win10v2004-20241007-en
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_http
http://89.197.154.116:7810/eHF-4tVTnNnq3-vejdLJogPiK3ZJIfBMUU62cmVlE9wjtuWSickS7QKt5X9Hh9rbWOGSx3mSkw2thVfP2JbI7rn_FcQhaZ3C
Targets
-
Target
d35d291773c38a13aabc7ab1a38bbd91.vbs
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-