General

  • Target

    Journal-http.hta

  • Size

    29KB

  • Sample

    241115-w1gypssqel

  • MD5

    439ba39a07845e334c3c4422a96bc72b

  • SHA1

    20d5b07d9d525e003886c8ed82dc5bf98d52f99c

  • SHA256

    836c97307357a8f7a318cf0206b6f1aff82cc71c80fd37ebbfd0777a2dff483a

  • SHA512

    3f7145abe604c6ba48dfe175dc4311cb7f399b49b5707e8d03df5dc3e68458c156ab0ceee34be558a603524575767bfb23eec9ef8fba1fa48ab8cbf3c1373d4f

  • SSDEEP

    384:kdeiNYnl3Q/2irLwQbyACD1JaSisfUD2O3Al3l0YKxAV6/a:kE3Q/T/weydi4s2O3Al3lqxRS

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://192.168.180.12:7810/l6Pj

Attributes
  • headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL
