MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbf207e26ad004abf2ba23ac30ae3658fb9d68965f2eba9407407f7e04b16a6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Meterpreter

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	fbf207e26ad004abf2ba23ac30ae3658fb9d68965f2eba9407407f7e04b16a6c
SHA3-384 hash:	081d7909f7749497d3dfb4dae53a805f7e74cb9c9498f1fb5a2f2ecdb3a8d95ce5e947f576a345646280e2bf6a8396c7
SHA1 hash:	ae9b149d378070ed41f4608f6f03cd37f54e4c58
MD5 hash:	25501f45fe5d297fe8d1876be5c581d7
humanhash:	wolfram-earth-sink-william
File name:	25501f45fe5d297fe8d1876be5c581d7.exe
Download:	download sample
Signature	Meterpreter Create hunting rule
File size:	276'006 bytes
First seen:	2022-11-07 14:10:36 UTC
Last seen:	2022-11-07 16:25:05 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f59bc5e398afbd50e71abdf348b8674c (1 x Meterpreter)
ssdeep	3072:/CnzfdNj6abr+HOgxEWtonLVzltaivYFP7bgo:6nrbjtbrXgxxqFCivYFP7bgo
Threatray	70 similar samples on MalwareBazaar
TLSH	T1C744E883BAF46CD7D50802B8F69687111377FEA116068F1B1B20BE353F7A9906E89375
TrID	43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 27.6% (.EXE) Win64 Executable (generic) (10523/12/4) 13.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.3% (.EXE) OS/2 Executable (generic) (2029/13) 5.2% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	9030f0d4d4f0e870 (1 x Meterpreter)
Reporter	abuse_ch
Tags:	exe Meterpreter

abuse_ch

Meterpreter C2:
39.107.118.209:9008

Intelligence

File Origin

# of uploads :

# of downloads :

175

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

25501f45fe5d297fe8d1876be5c581d7.exe

Verdict:

No threats detected

Analysis date:

2022-11-07 14:13:28 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/01bd44c2-3408-4af8-9456-c567ae38a882

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/329971/

Detection(s):

SecuriteInfo.com.BackDoor.Meterpreter.227.23427.6391.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a custom TCP request

Сreating synchronization primitives

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/49656/overview

Behaviour

MalwareBazaar

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug greyware overlay spyeye

Link:

https://www.filescan.io/uploads/636911f7775605b3a4f3df2a/reports/6a126272-f199-46c4-827a-96b9f3ca33da/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/00c6b5a2-8fc7-4b07-86b1-a66346b1d162

Result

Threat name:

Meterpreter

Detection:

malicious

Classification:

troj.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1107333

Signature

Contains functionality to change the desktop window for a process (likely to hide graphical interactions)

Contains functionality to check if the process is started with administrator privileges

Contains functionality to inject code into remote processes

Contains functionality to inject threads in other processes

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Meterpreter

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fbf207e26ad004abf2ba23ac30ae3658fb9d68965f2eba9407407f7e04b16a6c/

Threat name:

Win64.Trojan.Swrort

Status:

Malicious

First seen:

2022-10-17 09:43:29 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

18 of 26 (69.23%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=7pzapytk2ackx4v2eowdblrwld5z22ewl4xlvfahib7x4bfrnjwa._file

Verdict:

malicious

Meterpreter

46e73b35907bea5ffc06d2c8c9b1e32b12896dcfde636b80e7c004a263ce18bf

Meterpreter

571de8219bf86b49ea252c45a0b42e3263af6be74a710ef496b5418ea990fe6e

Meterpreter

9f1375f542db420157e7f2aa92a3ff1b1a4e4bf51cf37808ad93ddb1cbb3493d

Meterpreter

a3b14096156684a6aed44851c7c9d1fbe64e7926cbdf57317f083f0ca1ae4d06

Meterpreter

b48782e98785cea520bfd24a3b3bf72fe9701de5598ee6516ce0ba316e307db5

Meterpreter

be3c033ff5bf0df0698deac5b06866d7a0f59767bd51e2afa0da6d4960eafd08

Meterpreter

+ 60 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/221107-rg9gdsdchr/

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/d49d5f05-d00b-45c3-9ad2-ae79055e538f

Unpacked files

SH256 hash:

fbf207e26ad004abf2ba23ac30ae3658fb9d68965f2eba9407407f7e04b16a6c

MD5 hash:

25501f45fe5d297fe8d1876be5c581d7

SHA1 hash:

ae9b149d378070ed41f4608f6f03cd37f54e4c58

Link:

https://www.unpac.me/results/2551ce99-c8b7-403a-8526-50d424861443/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Pay2Key

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/fbf207e26ad004abf2ba23ac30ae3658fb9d68965f2eba9407407f7e04b16a6c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/329971/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample