MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c385d446d171ce87a61ae6396a0021bf6f4e80c004f4e32bf7a3e8cdc461ab6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Meterpreter


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c385d446d171ce87a61ae6396a0021bf6f4e80c004f4e32bf7a3e8cdc461ab6a
SHA3-384 hash: 33cc04dd0132374e92b89e9a14a43ea5d2ef9837fbf96da71cece9028c5c532a211134b7339d50c1cabcc289fa093b01
SHA1 hash: 5687c529597b1284afbe9226aac7661d850e38d5
MD5 hash: cd37497c18ae3523017754bd28cce758
humanhash: eleven-nebraska-happy-beryllium
File name:hello1
Download: download sample
Signature Meterpreter
Create hunting rule
File size:74'752 bytes
First seen:2022-02-25 00:48:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 427d9adcbfac8be53d865e8dcb0bdd6f (5 x Meterpreter)
ssdeep 768:AbhdWWs7miQXMffoDnNfxZRy2b3/fhzZibj7sRsAzyYkIV2EEpa7KlUM3Fm1FhuY:AfWfPQqf6NBrnmj709QtlUMVvXDC
TLSH T19D73E75BF2D364F8C26BC27886D22632B931BC5241246F6D97A4FB312E15E50BF5E720
Reporter r3dbU7z
Tags:exe Meterpreter

Intelligence

File Origin
# of uploads :
1
# of downloads :
281
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/244565/
Detection(s):
Win.Trojan.Meterpreter-9933150-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/7358/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug meterpreter rozena
Link:
https://www.filescan.io/uploads/62182786b94fb38cb4002a0f/reports/200a85dd-0b76-4a59-a6b3-4c2768a3e541/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/60136669-8ae7-429c-83b3-e0004978d7bb
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/946129
Signature
Found API chain indicative of debugger detection
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c385d446d171ce87a61ae6396a0021bf6f4e80c004f4e32bf7a3e8cdc461ab6a/
Threat name:
Win64.Trojan.Rozena
Create hunting rule
Status:
Malicious
First seen:
2022-02-24 23:17:00 UTC
File Type:
PE+ (Exe)
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Verdict:
malicious
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220225-a6dmksfcbr/
Unpacked files
SH256 hash:
c385d446d171ce87a61ae6396a0021bf6f4e80c004f4e32bf7a3e8cdc461ab6a
MD5 hash:
cd37497c18ae3523017754bd28cce758
SHA1 hash:
5687c529597b1284afbe9226aac7661d850e38d5
Link:
https://www.unpac.me/results/a197d38c-b4c8-4116-9c81-8bcf6c98c69b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c385d446d171ce87a61ae6396a0021bf6f4e80c004f4e32bf7a3e8cdc461ab6a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Meterpreter

Executable exe c385d446d171ce87a61ae6396a0021bf6f4e80c004f4e32bf7a3e8cdc461ab6a

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/244565/

Comments