Extracted

• • Target

    5a053f4449623db14b37b34c6cc783b87d86a95baa7b258bcd9d42c1d023974e.hta

  • Size

    7KB

  • MD5

    568178389480e9f8368e66d811b105fe

  • SHA1

    34c19d4b6bc99440b30ee9922a566ded9bd7a287

  • SHA256

    5a053f4449623db14b37b34c6cc783b87d86a95baa7b258bcd9d42c1d023974e

  • SHA512

    7bf3b91350ad635543cb92167d3e0b28d7d51164b8da040ea0740e672bfdad7d4242b25ba42b12a1c4cd266cbf44fa1ae6b8c34b01eea61ffa3687e8fd06e9ed

  • SSDEEP

    192:gn2jh1hqT2TsQL36ANDaqkvhYXMl9tKTsQGF6hd9d:gn2jh1hszMLBa5vhB94Tl1hd9d

  Score

  10^/10

  metasploitbackdoorexecutiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral1behavioral2