Overview

overview

10

Static

static

1

5681783894...fe.hta

windows7-x64

10

5681783894...fe.hta

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    568178389480e9f8368e66d811b105fe.hta

  • Size

    7KB

  • Sample

    240523-w52tnsbh88

  • MD5

    568178389480e9f8368e66d811b105fe

  • SHA1

    34c19d4b6bc99440b30ee9922a566ded9bd7a287

  • SHA256

    5a053f4449623db14b37b34c6cc783b87d86a95baa7b258bcd9d42c1d023974e

  • SHA512

    7bf3b91350ad635543cb92167d3e0b28d7d51164b8da040ea0740e672bfdad7d4242b25ba42b12a1c4cd266cbf44fa1ae6b8c34b01eea61ffa3687e8fd06e9ed

  • SSDEEP

    192:gn2jh1hqT2TsQL36ANDaqkvhYXMl9tKTsQGF6hd9d:gn2jh1hszMLBa5vhB94Tl1hd9d

Score
10/10
metasploitbackdoorexecutiontrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

144.76.219.54:8000

Targets

    • Target

      568178389480e9f8368e66d811b105fe.hta

    • Size

      7KB

    • MD5

      568178389480e9f8368e66d811b105fe

    • SHA1

      34c19d4b6bc99440b30ee9922a566ded9bd7a287

    • SHA256

      5a053f4449623db14b37b34c6cc783b87d86a95baa7b258bcd9d42c1d023974e

    • SHA512

      7bf3b91350ad635543cb92167d3e0b28d7d51164b8da040ea0740e672bfdad7d4242b25ba42b12a1c4cd266cbf44fa1ae6b8c34b01eea61ffa3687e8fd06e9ed

    • SSDEEP

      192:gn2jh1hqT2TsQL36ANDaqkvhYXMl9tKTsQGF6hd9d:gn2jh1hszMLBa5vhB94Tl1hd9d

    Score
    10/10
    metasploitbackdoorexecutiontrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks