metasploit | 6101bca566955a1ff83fe145187fd0665dcc6f362364256c1f4b4842f3ad0f20 | Triage

Sharing

General

Target

setup.hta
Size

7KB
Sample

240531-ws29nshb25
MD5

7159cc75c0c3fa0e08ed40a8d29beeda
SHA1

e73631da77790cd6cb32e8a9e7e20706883ee288
SHA256

6101bca566955a1ff83fe145187fd0665dcc6f362364256c1f4b4842f3ad0f20
SHA512

e77de02b37a1df0e32bb01e8922f47db4bad8701d3a51ed24806e0e9f643a3af2a1626ed19913484037b36664de5d704e88c074093f08332e660ccc1208d244f
SSDEEP

192:mln2jh1hqT2g/yy0ue0Q3/Q7D1fcxSEB1ZT9XXrVeIfMlF8pTAld:gn2jh1hsDts08/QtoSErZRXXciMlvld

Score

10^/10

metasploit backdoor execution trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.1.139:4444

Targets

- Target
  
  setup.hta
- Size
  
  7KB
- MD5
  
  7159cc75c0c3fa0e08ed40a8d29beeda
- SHA1
  
  e73631da77790cd6cb32e8a9e7e20706883ee288
- SHA256
  
  6101bca566955a1ff83fe145187fd0665dcc6f362364256c1f4b4842f3ad0f20
- SHA512
  
  e77de02b37a1df0e32bb01e8922f47db4bad8701d3a51ed24806e0e9f643a3af2a1626ed19913484037b36664de5d704e88c074093f08332e660ccc1208d244f
- SSDEEP
  
  192:mln2jh1hqT2g/yy0ue0Q3/Q7D1fcxSEB1ZT9XXrVeIfMlF8pTAld:gn2jh1hsDts08/QtoSErZRXXciMlvld
Score

10^/10

metasploit backdoor execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoorexecutiontrojan