MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19c3221cbbdc45fff5b609709f86169e2bfd86b1273d722dc8f0bc59d5a65704. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Metasploit

Vendor detections: 8

SHA256 hash: 19c3221cbbdc45fff5b609709f86169e2bfd86b1273d722dc8f0bc59d5a65704
SHA3-384 hash: 0977395f792db8e4a0b8fc50922577b2477776abbc2b08b08e797a033e01c7af19076981cbe0293c3114a0fb4963516e
SHA1 hash: 9e022b778a9f05b4ade4912b00466b0d1ccc471d
MD5 hash: 771a8944c6e5052d9f86e88ac6da0b00
humanhash: echo-papa-one-yellow
File name: PP64Stub.exe
Signature: Metasploit
File size: 25'600 bytes
First seen: 2022-10-12 23:40:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9658e75e10fc3fd7d91ac973da593588 (1 x Metasploit, 1 x CobaltStrike)
ssdeep: 384:GiTXFYPYp1KocnCRVG6xOX1SUwhULOOYXPTXo8bHnRCszmcL8Ze:Gi5Zp19rPB+1Sj61cU8bxCqMZe
Threatray: 2'778 similar samples on MalwareBazaar
TLSH: T1C1B26C89E24213EDD8B7C8B8C9422A7D7AA374245324AFDFD5E0861B2317DE465BC743
TrID: 45.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
      18.3% (.EXE) OS/2 Executable (generic) (2029/13)
      18.0% (.EXE) Generic Win/DOS Executable (2002/3)
      18.0% (.EXE) DOS Executable Generic (2000/1)
Reporter: Anonymous
Tags: exe Metasploit

Intelligence

File Origin
# of uploads: 1
# of downloads: 238
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
  Searching for the window
  Launching cmd.exe command interpreter
  Creating a process with a hidden window
  Sending a custom TCP request
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: packed
Result
Verdict: UNKNOWN
Details
  Windows PE Executable
  Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Metasploit
Detection: malicious
Classification: troj
Score: 60 / 100
Signature
  Contains functionality to start reverse TCP shell (cmd.exe)
  Malicious sample detected (through community Yara rule)
  Yara detected Metasploit Payload
Behaviour
Behavior Graph (ID: 721843; sample: PP64Stub.exe; start date: 13/10/2022; architecture: WINDOWS; score: 60)
  Signatures on sample: Malicious sample detected (through community Yara rule); Yara detected Metasploit Payload
  Process tree: PP64Stub.exe started, and in turn started conhost.exe and cmd.exe
  Signature on PP64Stub.exe: Contains functionality to start reverse TCP shell (cmd.exe)
  Network: 10.211.55.22, port 31337 (ASN unknown, country unknown)
Threat name: Win64.Trojan.Generic
Status: Suspicious
First seen: 2022-10-12 23:41:06 UTC
File Type: PE+ (Exe)
Extracted files: 1
AV detection: 2 of 41 (4.88%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
  Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 19c3221cbbdc45fff5b609709f86169e2bfd86b1273d722dc8f0bc59d5a65704
MD5 hash: 771a8944c6e5052d9f86e88ac6da0b00
SHA1 hash: 9e022b778a9f05b4ade4912b00466b0d1ccc471d
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments