MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ed1a3bccdbabcea8c5af4a65f706056856bd46eec21b2296ffad11614872eab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Meterpreter

Vendor detections: 2

Intelligence 2 IOCs YARA 2 File information Comments

SHA256 hash:	0ed1a3bccdbabcea8c5af4a65f706056856bd46eec21b2296ffad11614872eab
SHA3-384 hash:	a65839b6db798f4989578a52dcc40a48bcfeae062afc9aa4c71e363594e73646806c8baf353f4c613130c88ef13c9edd
SHA1 hash:	c06944414b280eb810e024986cd7124332bb5228
MD5 hash:	1b69f957c63236d214fb85353492a023
humanhash:	triple-nitrogen-alanine-fillet
File name:	billi_7403895435d3487f9b36ed38b756b189.exe
Download:	download sample
Signature	Meterpreter Create hunting rule
File size:	73'802 bytes
First seen:	2020-05-03 17:26:11 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	481f47bbb2c9c21e108d65f52b04c448 (257 x Meterpreter, 93 x Metasploit, 33 x ShikataGaNai)
ssdeep	1536:ICJk3DXt+XWPQwKwr6/Mb+KR0Nc8QsJq39:tyDXtvxKo6/e0Nc8QsC9
Threatray	27 similar samples on MalwareBazaar
TLSH	C173BF43D9C85066D5A5123D2B3137BAAA74F9BE6701C2DB354CCAF5DBC09B0922A3C7
Reporter	JoulK
Tags:	exe Meterpreter

Intelligence

File Origin

# of uploads :

# of downloads :

110

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.MSShellcode-7

Win.Trojan.Swrort-5710536-0

BC.Win.Trojan.Swrort-17210

Gathering data

Threat name:

Win32.Trojan.Swrort

Status:

Malicious

First seen:

2020-04-30 17:32:00 UTC

File Type:

PE (Exe)

AV detection:

30 of 31 (96.77%)

Threat level:

5/5

Verdict:

unknown

Meterpreter

6e85d06aa422cfc42dafe910acf8de96a3224bc6eb8b5af7e7435c0881d7e7e6

Meterpreter

733036ae8101048351d1cf684fe1bc02c1cf7a70725a470bec7cbd59a602738b

Meterpreter

84783081ade87f5a4a1902a275eb66c7fe8ebef9e43cdd2d4527bdb1a5a51f04

Meterpreter

87e69df644cf7fa95ced9c33e3fcd4a88356baea18ac20c2aac042d223d7c4b8

Meterpreter

89b2357e89f357fba520dc35157a8285bf67bb5bf50e48510b9331287d8a2e80

Meterpreter

95ca4bbcf27da5dfc45c3ae4228069c7a228951c9da064276ea5285afd70dbcf

Meterpreter

96806ca7e35fc1840e35d756d2242c494fa734a81d76ceb8586fd10ef6548f39

Meterpreter

a49855a8a95f24d6ee35f5853e894f13be32bcc91bb076811feb3943f14bce6d

Meterpreter

d6efc9b300838a72c814e21977456610eef3efebb42d02f83d0505581de15713

Meterpreter

+ 17 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Cobalt_functions Create hunting rule
Author:	@j0sm1
Description:	Detect functions coded with ROR edi,D; Detect CobaltStrike used by differents groups APT

Rule name:	Msfpayloads_msf_10 Create hunting rule
Author:	Florian Roth
Description:	Metasploit Payloads - file msf.exe
Reference:	Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Meterpreter

exe 0ed1a3bccdbabcea8c5af4a65f706056856bd46eec21b2296ffad11614872eab

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/355070/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample