MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b13f42d26dbbe2481ff01fe2987be00bd907d203db78f5384fc12273708b4a09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA 4318 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b13f42d26dbbe2481ff01fe2987be00bd907d203db78f5384fc12273708b4a09
SHA3-384 hash: 05110d0e4a662f313e2a37dc44b251ade59f7c97995dfd0cd72d512859e81a075a265d6b3f54e10585d7ff53a3016369
SHA1 hash: a42991ebb8332a6700e20e7f245e44ad384335d8
MD5 hash: 02bcdeda40710b9b3ab5f000fca55e9c
humanhash: illinois-bravo-idaho-island
File name:billi_cc8592ce9cc64d42856fd562c07fb4c2.exe.dom_2.exe
Download: download sample
File size:256'512 bytes
First seen:2020-05-03 17:28:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 481f47bbb2c9c21e108d65f52b04c448 (257 x Meterpreter, 93 x Metasploit, 33 x ShikataGaNai)
ssdeep 3072:0zqTC/VXu6wwe0Nc8QsCN7nshAM1PZMgvX7ID5pZqXVyC+58t0g7IK/t9s56JkP:QqGdXu6wb0Nc8QsysPPxvMCXAgrM5Mk
Threatray 17 similar samples on MalwareBazaar
TLSH 7D449D02B9C08036C1AB127516BB6F721A7DBC726725DA8F779CCC894FB44C0A72A757
Reporter JoulK
Tags:exe Meterpreter

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Tool.MeterPreter-6294292-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Meterpreter
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 17:33:00 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
29 of 31 (93.55%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
45ccf8e379c900f0c7496e4debe1ad4550256f6162383baba5f1344e5d9ca250
5199bcc83cf3eb34e56478868237b872fe3795b3ee5b04395ac805a98425801d
62d2e3131e68b84b46765a9faa25e2173fa546fd875b99fac3422e7e02a84738
690e1f519a5ca9a1698ae738ca06c030380779a1a989cefb6dff7025e4c5baed
73734a1299a26708c8137b3c10bf6f8b78b2881d535451166eaf32a74cf05724
8270d45e0ff9f3bf19cb0bcaf72e21190d3c404ccd79e7b773b4ba3b915f37cd
990c81ff3bcd5d3b332e34c57462a3560c588322828d3953266e801eb4e52c2e
ce7fab69a6c10146ac89e121fbe204ca424cd886c4763674eb2e9260b2f6b722
d27db19db72691d403d38243719346bca79efb3f81b6c44d9fd3cd9dfff83b9d
dc4e1c802da2d466553edf5214995a10c49306b9dd9d87a90385c7f20f29adca
+ 7 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ReflectiveLoader
Create hunting rule
Description:Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments