Overview

overview

10

Static

static

1

bind_tcp.hta

windows7-x64

10

bind_tcp.hta

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bind_tcp.hta

  • Size

    7KB

  • Sample

    240530-e6hzhsff89

  • MD5

    248aa4289e3739f172987f89212e4093

  • SHA1

    1d8a58fd8e77c42c0d9f0f9d3a4d118f22c23ac5

  • SHA256

    82989ca18031638c484db4469a094bcf812641717e0f70480394b17ade9ded98

  • SHA512

    4e24b70280d8e56abcdc03100a28224dde1a3b07a1538dac01f5983e0ff8eb0ef5025c7d87c280255b2dc8918d0a4e0e3e98115efa9152dd11dfcffd57ed15d9

  • SSDEEP

    192:+zPn2jh1hqT2Fr2rG71OrYf4KqLl9QhufdUk4TRQW+ZiPj2vF6hd9d:+zPn2jh1hsWr2S7Ar2qLwu1Ukny2Uhdj

Score
10/10
metasploitbackdoorexecutiontrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_bind_tcp

Targets

    • Target

      bind_tcp.hta

    • Size

      7KB

    • MD5

      248aa4289e3739f172987f89212e4093

    • SHA1

      1d8a58fd8e77c42c0d9f0f9d3a4d118f22c23ac5

    • SHA256

      82989ca18031638c484db4469a094bcf812641717e0f70480394b17ade9ded98

    • SHA512

      4e24b70280d8e56abcdc03100a28224dde1a3b07a1538dac01f5983e0ff8eb0ef5025c7d87c280255b2dc8918d0a4e0e3e98115efa9152dd11dfcffd57ed15d9

    • SSDEEP

      192:+zPn2jh1hqT2Fr2rG71OrYf4KqLl9QhufdUk4TRQW+ZiPj2vF6hd9d:+zPn2jh1hsWr2S7Ar2qLwu1Ukny2Uhdj

    Score
    10/10
    metasploitbackdoorexecutiontrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks