MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 990c81ff3bcd5d3b332e34c57462a3560c588322828d3953266e801eb4e52c2e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA 4243 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 990c81ff3bcd5d3b332e34c57462a3560c588322828d3953266e801eb4e52c2e
SHA3-384 hash: d4a3a891b677a39956777fed14b8965102794ebe09f3aba1df4a6e7af75e015de419e8eeb736aab7b4b010809fd7033b
SHA1 hash: d21f9b4e3d9d8c1576ca1ca86abb503071b9f232
MD5 hash: f479b5e4e756355aa2cc93c23ddd41f3
humanhash: lithium-avocado-mockingbird-maryland
File name:billi_cc8592ce9cc64d42856fd562c07fb4c2.exe.dom_1.exe
Download: download sample
File size:256'512 bytes
First seen:2020-05-03 17:28:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 481f47bbb2c9c21e108d65f52b04c448 (257 x Meterpreter, 93 x Metasploit, 33 x ShikataGaNai)
ssdeep 3072:ZzqTC/VXu6wwe0Nc8QsCN7nshAM1PZMgvX7ID5pZqXVyC+58t0g7IK/t9s56Jki:9qGdXu6wb0Nc8QsysPPxvMCXAgrM5Mk
Threatray 17 similar samples on MalwareBazaar
TLSH 96449D02B9C08036D1AB127506BB6F721A7DBC726725DA8F779CCC894FB44C0A72A757
Reporter JoulK
Tags:exe Meterpreter

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Tool.MeterPreter-6294292-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Meterpreter
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 17:32:00 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
30 of 31 (96.77%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
45ccf8e379c900f0c7496e4debe1ad4550256f6162383baba5f1344e5d9ca250
5199bcc83cf3eb34e56478868237b872fe3795b3ee5b04395ac805a98425801d
62d2e3131e68b84b46765a9faa25e2173fa546fd875b99fac3422e7e02a84738
690e1f519a5ca9a1698ae738ca06c030380779a1a989cefb6dff7025e4c5baed
73734a1299a26708c8137b3c10bf6f8b78b2881d535451166eaf32a74cf05724
8270d45e0ff9f3bf19cb0bcaf72e21190d3c404ccd79e7b773b4ba3b915f37cd
b13f42d26dbbe2481ff01fe2987be00bd907d203db78f5384fc12273708b4a09
ce7fab69a6c10146ac89e121fbe204ca424cd886c4763674eb2e9260b2f6b722
d27db19db72691d403d38243719346bca79efb3f81b6c44d9fd3cd9dfff83b9d
dc4e1c802da2d466553edf5214995a10c49306b9dd9d87a90385c7f20f29adca
+ 7 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ReflectiveLoader
Create hunting rule
Description:Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments