General
-
Target
reverse_http.hta
-
Size
8KB
-
Sample
240530-e64k8afg32
-
MD5
9c913698ba90b57ff848a60b4d87e165
-
SHA1
1236a2d03734f898520d106e7e113419a859ac88
-
SHA256
b5cc3f9c8d9b898d00c5c93761058c7b7dd91c1921f8dc1358ccc1c3bced6004
-
SHA512
7e0e2c54acf540f581cc574dad82de570577534701a683857622237bc4bf608e093a7193193d38b5ddf0a377845fc355a688d4faa8dbe6749347aedec7ce3894
-
SSDEEP
192:5hn2jh1hqT2l39gHqB8TpEmp1Jr6KJTIBUmcEOKU6faL0H7Ald:jn2jh1hsW9gH5qmpK5UHtKU+aL08ld
Malware Config
Extracted
metasploit
windows/reverse_http
http://1.14.247.162:40001/GV_avNynVjlUxVXEMRJYfgkwNqbaOT2v9_VUCcSK8cpcf6987xqrQGI_TpQZAAxoszBBTm6HevhBHokGXDoLBz0GjVb8TaoWwpliHEh8_9uQGHUmi
Targets
-
-
Target
reverse_http.hta
-
Size
8KB
-
MD5
9c913698ba90b57ff848a60b4d87e165
-
SHA1
1236a2d03734f898520d106e7e113419a859ac88
-
SHA256
b5cc3f9c8d9b898d00c5c93761058c7b7dd91c1921f8dc1358ccc1c3bced6004
-
SHA512
7e0e2c54acf540f581cc574dad82de570577534701a683857622237bc4bf608e093a7193193d38b5ddf0a377845fc355a688d4faa8dbe6749347aedec7ce3894
-
SSDEEP
192:5hn2jh1hqT2l39gHqB8TpEmp1Jr6KJTIBUmcEOKU6faL0H7Ald:jn2jh1hsW9gH5qmpK5UHtKU+aL08ld
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-