General
Target: evil.hta
Size: 28KB
Sample: 201123-nc8vj16k8e
MD5: 05fd981b5e82d5060701f064abb4e42d
SHA1: 5073ea76853a70b2332096bbc800525025a2e527
SHA256: 191bd1fa383ec90337de27de9212572e710b44944cb67c3c923852a16c3783db
SHA512: f8e28526beca600c8d0d625f7a716a4ffe663b9c48d2016c33e94257bbc312c09c40ccc5c1055d433330607a96d35f25a8ced1f2d1e62344abf3ba49feb89328
Static task: static1
Behavioral task: behavioral1
Sample: evil.hta
Resource: win7v20201028
Behavioral task: behavioral2
Sample: evil.hta
Resource: win10v20201028
Malware Config
Extracted
metasploit
windows/download_exec
http://45.138.172.81:443/m6Ip
Targets
Target: evil.hta
Score: 10/10
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Executes dropped EXE
Loads dropped DLL