MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19a879068bde8d055650dd1b6f5ae4697a16aa206cf0e0e4f84619433606af92. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 19a879068bde8d055650dd1b6f5ae4697a16aa206cf0e0e4f84619433606af92
SHA3-384 hash: 7cf1f891ca5db5fb32a33f1513d9c7df7c7e0970ee3af83d911119e740699843958afd417d1351c2cd818496c2123f3e
SHA1 hash: d353b005be89d7d9fa7a989090ab6b85b401bbbe
MD5 hash: bb1080fb45e416efb3e105e911cd14d5
humanhash: beer-leopard-low-utah
File name: EzPsZzX8.exe
File size: 7'168 bytes
First seen: 2020-09-16 21:32:19 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b4c6fff030479aa3b12625be67bf4914 (122 x Meterpreter, 16 x Metasploit, 4 x CobaltStrike)
ssdeep: 24:eFGStrJ9u0/6E2FnZO0BQAVoaYNq9KZqpeNDMSeXixpmB:is0mW0BQVts9rSD9eS2B
Threatray: 1 similar sample on MalwareBazaar
TLSH: 05E1612323484DFBE86C067986E3F8A7219C9E283F3B527649180217297622865B5A08
Reporter: pmelson
Tags: exe Meterpreter_PE_Stager
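The imphash above is shared with 142 other samples because an imphash is an MD5 over the PE import table (DLL name without extension plus function name, lowercased, in import order), and stagers generated from the same template import the same functions in the same order. The following is an added example, not code from MalwareBazaar or from the reporter, that reproduces the imphash input string and digest for a constructed import list; the import list and the small ws2_32 ordinal table are assumptions made for the demonstration, and a real tool such as pefile carries the full ordinal tables for ws2_32, wsock32 and oleaut32.

```python
import hashlib

# Subset of the ws2_32.dll export ordinals that imphash tools resolve to
# names (wsock32.dll uses the same numbers). Assumption: only these entries
# are needed for the constructed sample below.
WS2_32_ORDINALS = {
    3: "closesocket", 4: "connect", 16: "recv", 19: "send",
    23: "socket", 115: "WSAStartup",
}
ORDINAL_TABLES = {"ws2_32.dll": WS2_32_ORDINALS, "wsock32.dll": WS2_32_ORDINALS}
STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def imphash_string(imports):
    """Build the string that is hashed for an imphash.

    imports: list of (dll_name, function_name_or_ordinal) pairs in the
    order they appear in the PE import directory. Order matters: the same
    imports in a different order give a different imphash.
    """
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in STRIPPED_EXTENSIONS:
            lib = base                      # "kernel32.dll" -> "kernel32"
        if isinstance(func, int):
            # Imports by ordinal: resolve via a known table, else "ordN".
            func = ORDINAL_TABLES.get(dll.lower(), {}).get(func, "ord%d" % func)
        parts.append("%s.%s" % (lib, func.lower()))
    return ",".join(parts)


def imphash(imports):
    """MD5 hex digest of the imphash string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed import table (not the sample's real imports): the kind of
# minimal list a small stager might carry.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("ws2_32.dll", 23),        # socket, by ordinal
    ("ws2_32.dll", 999),       # not in the table -> "ord999"
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two samples with identical imphashes are not necessarily the same malware; they were built with the same toolchain or template. Use the value as a pivot to cluster stagers, then confirm with the YARA and sandbox results in the entry.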

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Behaviour: Connection attempt; Sending a UDP request

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature: Antivirus / Scanner detection for submitted sample; Machine Learning detection for sample; Multi AV Scanner detection for submitted file
Threat name: Win64.Trojan.Shelma
Status: Malicious
First seen: 2020-09-16 21:34:06 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Cobalt_functions
Author: @j0sm1
Description: Detect functions coded with ROR edi,D; Detect CobaltStrike used by different APT groups
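The "ROR edi,D" (rotate right by 0xD, i.e. 13) in the rule description is the API-hashing loop that Metasploit's block_api shellcode and its derivatives use to locate functions without importing them: the loader walks the PEB module list, rotates the running hash right by 13 and adds each byte of the uppercased UTF-16 module name (with its null terminator), does the same over the ASCII export name, and compares the sum to a 32-bit constant pushed as an immediate. The following is an added example, not code from the rule author or from the Metasploit project, that reimplements that hash in Python and scans a constructed byte fragment for pushed immediates that match known hashes; the fragment is built by hand for the demonstration and is not bytes taken from the sample.

```python
import struct


def ror32(value, bits):
    """x86 ROR on a 32-bit register."""
    value &= 0xFFFFFFFF
    return ((value >> bits) | (value << (32 - bits))) & 0xFFFFFFFF


def ror13_hash(data, bits=13):
    """The stager's hash loop: for every byte, ROR edi,13 then ADD edi,al.
    The add wraps at 32 bits exactly as the register does."""
    h = 0
    for b in data:
        h = (ror32(h, bits) + b) & 0xFFFFFFFF
    return h


def api_hash(module, function):
    """block_api hash: hash(uppercase UTF-16LE module name + terminator)
    + hash(ASCII function name + terminator), mod 2**32."""
    mod = (module.upper() + "\x00").encode("utf-16-le")
    fn = (function + "\x00").encode("ascii")
    return (ror13_hash(mod) + ror13_hash(fn)) & 0xFFFFFFFF


# A small lookup table of hashes a reverse-TCP stager typically pushes.
KNOWN_API_HASHES = {
    api_hash(m, f): "%s!%s" % (m, f)
    for m, f in [
        ("kernel32.dll", "LoadLibraryA"),
        ("kernel32.dll", "ExitProcess"),
        ("ws2_32.dll", "WSAStartup"),
        ("ws2_32.dll", "WSASocketA"),
        ("ws2_32.dll", "connect"),
        ("ws2_32.dll", "recv"),
    ]
}


def find_pushed_api_hashes(code):
    """Scan raw bytes for 'push imm32' (opcode 0x68) whose immediate is a
    known API hash; returns (offset, hash, name) triples."""
    hits = []
    for off in range(len(code) - 4):
        if code[off] == 0x68:
            imm = struct.unpack_from("<I", code, off + 1)[0]
            if imm in KNOWN_API_HASHES:
                hits.append((off, imm, KNOWN_API_HASHES[imm]))
    return hits


# Constructed fragment (assumption, not the sample's bytes):
#   push 0x0726774C   ; hash("kernel32.dll", "LoadLibraryA")
#   call ebp          ; ff d5, block_api dispatcher
SAMPLE_FRAGMENT = b"\x68\x4c\x77\x26\x07" + b"\xff\xd5"

if __name__ == "__main__":
    print("LoadLibraryA hash: 0x%08X" % api_hash("kernel32.dll", "LoadLibraryA"))
    for off, imm, name in find_pushed_api_hashes(SAMPLE_FRAGMENT):
        print("offset %d: push 0x%08X -> %s" % (off, imm, name))
```

The scan is deliberately naive (it does not disassemble, so an 0x68 byte inside other data can produce a false hit); its value is in confirming that a constant in a suspected stager resolves to a module!function pair, which is much stronger evidence than the rotate instruction alone.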

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 19a879068bde8d055650dd1b6f5ae4697a16aa206cf0e0e4f84619433606af92

(this sample)
