vbs.randomquery

RandomQuery

Actor(s): Kimsuky


According to SentinelLabs, this is a VisualBasic-based malware that gathers system and file information and exfiltrates the data using InternetExplorer.Application or Microsoft.XMLHTTP objects.

References
2026-04-11, Breakglass Intelligence: We Dumped a Live Kimsuky C2 and Recovered Every Stage of the Kill Chain: CHM Dropper, VBScript Stager, PowerShell Keylogger
2023-05-23, Aleksandar Milenkoski: Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit

There is no Yara-Signature yet.