Overview

overview

10

Static

static

1

bind_tcp_uuid.hta

windows7-x64

10

bind_tcp_uuid.hta

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bind_tcp_uuid.hta

  • Size

    7KB

  • Sample

    240530-e64afsfg27

  • MD5

    bce1078c57268ef42732dc651d2049c9

  • SHA1

    e3df7d0b57e1a98c7614765abb51cf80f8b0c703

  • SHA256

    14cff907c52f3c8efc51e1775fca708be95910b3488107d5be4e0b2cd5bcaaa3

  • SHA512

    2c2d3569955489efe9c0c2b1f421bfab215bb0a36cb53002328bb4c2437f9731b853fa2db4ee74b98c6e7140c5ecac7f4e1bad86ba5af448f2c9b7f7cc657250

  • SSDEEP

    192:Un2jh1hqT2Rxq0rNMP/9urq9oUSx8F6Nh3p3k2Zp2dHhxd:Un2jh1hscQ0rg0G9oUSU6NzDQdHhxd

Score
10/10
metasploitbackdoorexecutiontrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_bind_tcp

Targets

    • Target

      bind_tcp_uuid.hta

    • Size

      7KB

    • MD5

      bce1078c57268ef42732dc651d2049c9

    • SHA1

      e3df7d0b57e1a98c7614765abb51cf80f8b0c703

    • SHA256

      14cff907c52f3c8efc51e1775fca708be95910b3488107d5be4e0b2cd5bcaaa3

    • SHA512

      2c2d3569955489efe9c0c2b1f421bfab215bb0a36cb53002328bb4c2437f9731b853fa2db4ee74b98c6e7140c5ecac7f4e1bad86ba5af448f2c9b7f7cc657250

    • SSDEEP

      192:Un2jh1hqT2Rxq0rNMP/9urq9oUSx8F6Nh3p3k2Zp2dHhxd:Un2jh1hscQ0rg0G9oUSU6NzDQdHhxd

    Score
    10/10
    metasploitbackdoorexecutiontrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks