General

  • Target

    update.hta

  • Size

    7KB

  • Sample

    240619-1t7m1atcrc

  • MD5

    aafe20c739d203812a7e3baeb242401e

  • SHA1

    ee2830a049033ec5a2cae2125a474915e96f21eb

  • SHA256

    3e32fa64ce2ccb3e071423c424ac845cb162cb2b749de4084220f4f9155317b6

  • SHA512

    efb02856f516c907bf2b8d7b7f795771b9c587d9c59e6716c8047a99b377707e24b35d1e8c185bacc235d9ae4b619aa489c8c34c701c973a44103f396e2ff5bc

  • SSDEEP

    192:/n2jh1hqT2UauulDDoLccCep/NVztqhodM/7AF6hd9d:/n2jh1hsha75DYcM/NVBqhoOfhd9d

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_tcp

  • C2

    94.156.8.243:2221

Targets

    • Target

      update.hta

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Command and Scripting Interpreter: T1059 (1)
    PowerShell: T1059.001 (1)

  • Discovery

    System Information Discovery: T1082 (1)
