MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 332f53344cec91ce2c8ed1e2e792e953002fa25ecb8fcd952f512ab0bc367dea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Meterpreter

Vendor detections: 13

Intelligence 13 IOCs YARA 12 File information Comments

SHA256 hash:	332f53344cec91ce2c8ed1e2e792e953002fa25ecb8fcd952f512ab0bc367dea
SHA3-384 hash:	867453b7b2fc0dcf965efa4e2249077800d3afc04f2d718cb4f8793fe7221ccd80fcf455872ae927e7167cc4bcabb784
SHA1 hash:	12525d01e393e4d93acb805fcdaef3bbc4a7cba9
MD5 hash:	d2880a1cccf7e88c221b8d5e7b0d465c
humanhash:	mars-hot-south-wolfram
File name:	35cfef36ede98cfaff9f31fdea3c81fb4b7defd44902896274a35121
Download:	download sample
Signature	Meterpreter Create hunting rule
File size:	176'073 bytes
First seen:	2023-10-13 19:20:06 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	e8d1b179f0e22242443ea10dc9b8232f (2 x Meterpreter)
ssdeep	3072:eR6C45ds/1sAUsMGbCpcAQbzFkFgjGrRzQY9:E6F6dMiAHgjc2Y9
Threatray	43 similar samples on MalwareBazaar
TLSH	T137049D12B6908071D5BB527905BBAB221B7D7C310B76CE5BABA44C8E0E741C0F73A767
Reporter	r3dbU7z
Tags:	backdoor dll exe Meterpreter

Intelligence

File Origin

# of uploads :

# of downloads :

370

Origin country :

Vendor Threat Intelligence

Detection:

Meterpreter

Link:

https://www.capesandbox.com/analysis/454197/

Detection(s):

Win.Exploit.Meterpreter-9777172-0

Win.Exploit.Meterpreter-10009254-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Sending a custom TCP request

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

crypto greyware overlay

Link:

https://www.filescan.io/uploads/6529989f4a70eb0012f87e86/reports/bcc4fc95-6d94-4c41-b936-87c05ff62270/overview

Verdict:

Malicious

Labled as:

ShellCode.Marte.2.Generic

Link:

https://www.hybrid-analysis.com/sample/332f53344cec91ce2c8ed1e2e792e953002fa25ecb8fcd952f512ab0bc367dea

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Meterpreter

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4d18c97b-ec96-4a35-9dbf-554b64620103

Result

Threat name:

Meterpreter

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1325452

Signature

Antivirus / Scanner detection for submitted sample

Contains functionality to inject threads in other processes

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Meterpreter

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/332f53344cec91ce2c8ed1e2e792e953002fa25ecb8fcd952f512ab0bc367dea

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/332f53344cec91ce2c8ed1e2e792e953002fa25ecb8fcd952f512ab0bc367dea/

Threat name:

Win32.Backdoor.Meterpreter

Status:

Malicious

First seen:

2023-10-13 19:21:05 UTC

File Type:

PE (Dll)

AV detection:

20 of 22 (90.91%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gmxvgncm5si44leo2hropexjkmac7is6zoh43fjpkevlbpbwpxva._file

Verdict:

malicious

Meterpreter

7beb0930c77897b1ff9250bd60a7b2e72738942caa53a5ebee1524032c83a940

Meterpreter

848de91c16469e9f09e284adbbbf8cf317db916b414240c6bd46364a8f4c2c84

Meterpreter

b66f4845be8a78e3d1ff3411032be64faeb8869eedfa363a4516ae8056a6ee4a

Meterpreter

e840b559962b8b36d6096dc7b12a1b05e87310cedf595e2429904f0f5fe164b6

Meterpreter

f199cc703c62cb31955634bf10a1285c81fb95f3bba152130cb3cb2e976aef1f

Meterpreter

f1cc6681e7fd5fcd23a3464b08d9128f15b0acb606754ab0776683d649fb50a8

Meterpreter

f790bf11ea244e4397b152ca789091b3c5c442ea3c27ce0c18d3ec4c3d8ea011

Meterpreter

+ 33 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/231013-x2nnbadg3x/

Behaviour

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

332f53344cec91ce2c8ed1e2e792e953002fa25ecb8fcd952f512ab0bc367dea

MD5 hash:

d2880a1cccf7e88c221b8d5e7b0d465c

SHA1 hash:

12525d01e393e4d93acb805fcdaef3bbc4a7cba9

Link:

https://www.unpac.me/results/954e3b31-319d-4df8-8f5d-5f73d8553b49/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/332f53344cec91ce2c8ed1e2e792e953002fa25ecb8fcd952f512ab0bc367dea

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	maldoc_find_kernel32_base_method_1 Create hunting rule
Author:	Didier Stevens (https://DidierStevens.com)

Rule name:	maldoc_getEIP_method_1 Create hunting rule
Author:	Didier Stevens (https://DidierStevens.com)

Rule name:	MALWARE_Win_Meterpreter Create hunting rule
Author:	ditekSHen
Description:	Detects Meterpreter payload

Rule name:	meth_get_eip Create hunting rule
Author:	Willi Ballenthin

Rule name:	meth_peb_parsing Create hunting rule
Author:	Willi Ballenthin

Rule name:	Windows_Trojan_Metasploit_38b8ceec Create hunting rule
Author:	Elastic Security
Description:	Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon).

Rule name:	Windows_Trojan_Metasploit_38b8ceec Create hunting rule
Description:	Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon).

Rule name:	Windows_Trojan_Metasploit_7bc0f998 Create hunting rule
Author:	Elastic Security
Description:	Identifies the API address lookup function leverage by metasploit shellcode

Rule name:	Windows_Trojan_Metasploit_7bc0f998 Create hunting rule
Description:	Identifies the API address lookup function leverage by metasploit shellcode

Rule name:	Windows_Trojan_Metasploit_c9773203 Create hunting rule
Author:	Elastic Security
Description:	Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.
Reference:	https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm

Rule name:	Windows_Trojan_Metasploit_c9773203 Create hunting rule
Description:	Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.
Reference:	https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Meterpreter

DLL dll 332f53344cec91ce2c8ed1e2e792e953002fa25ecb8fcd952f512ab0bc367dea

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/454197/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample