metasploit | 517c28639a180fd2e1acdb0142f126ad90ce46333096e07f5064adc1a0b48292 | Triage

Sharing

General

Target

Launcher.hta
Size

8KB
Sample

230609-sma2fscd84
MD5

fda21c4fa7433532d77e8b554efbb664
SHA1

f75766101d5cedf2cbe1024acc08ab45789a0040
SHA256

517c28639a180fd2e1acdb0142f126ad90ce46333096e07f5064adc1a0b48292
SHA512

2c8bedd2ac42f640f34e98b1c44d665d374cb75fc2107cf1b161e0f33245e686bca09d1b2c1e5762e375195b4e92b741e3a3df457e6cda0ac5858f7632b73d6d
SSDEEP

192:7SNMQir5qvXhjyhwPyxl3+XA5GF5hjG1r8Qf:7bbcXhjyhW0luX75hjGiQf

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://143.198.78.128:4242/TgP-qaN3r5N9onyjHkCESwjxDjzki

Targets

- Target
  
  Launcher.hta
- Size
  
  8KB
- MD5
  
  fda21c4fa7433532d77e8b554efbb664
- SHA1
  
  f75766101d5cedf2cbe1024acc08ab45789a0040
- SHA256
  
  517c28639a180fd2e1acdb0142f126ad90ce46333096e07f5064adc1a0b48292
- SHA512
  
  2c8bedd2ac42f640f34e98b1c44d665d374cb75fc2107cf1b161e0f33245e686bca09d1b2c1e5762e375195b4e92b741e3a3df457e6cda0ac5858f7632b73d6d
- SSDEEP
  
  192:7SNMQir5qvXhjyhwPyxl3+XA5GF5hjG1r8Qf:7bbcXhjyhW0luX75hjGiQf
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan