General
-
Target
nDqOiSmU.vbs
-
Size
10KB
-
Sample
240630-p7b8ga1fml
-
MD5
161b4e988b395a2942c84f127f36a274
-
SHA1
2d43c412b6939557de9770944eae7bd87c9dc363
-
SHA256
aaebe94f90f33e30b24bbce26899e6c5d6dfb63abd91d32e45d42abc5933755a
-
SHA512
dec2fba3fc3ebe45dac3fe80921eaae39044efa5ba37ee19d8838c5eaab2c779ddda57c58df77b44eace700c902eac440f0cf64158ab2bf54c26cdf044e8bc48
-
SSDEEP
48:ZHG0n6qtcQaryowcGDDuJ22GZSo2ke5ETurr5WeXDatEAc7Aum:Y2KryowcGDDuJ23Te5ETusemQXm
Static task
static1
Behavioral task
behavioral1
Sample
nDqOiSmU.vbs
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
nDqOiSmU.vbs
Resource
win10v2004-20240611-en
Malware Config
Extracted
metasploit
metasploit_stager
51.75.140.195:4444
Targets
Target
nDqOiSmU.vbs
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-