MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2dff71491616990e3a350ba7c1128ccfee9fa9826cfaaf92f62e1051ac63e46f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Meterpreter

Vendor detections: 14

Intelligence 14 IOCs YARA 7 File information Comments

SHA256 hash:	2dff71491616990e3a350ba7c1128ccfee9fa9826cfaaf92f62e1051ac63e46f
SHA3-384 hash:	3c24599d078deef977cbb5dc4b7d2e142790d7c3bd5a715d1642e7b79bfa3844d05c1d3632a4734dfc17b40a8c3d74dd
SHA1 hash:	dc8742bb944b97e33563bd611ced0e0062902147
MD5 hash:	c41c4dbc5b59f55ecd0a0fe0a46f28f8
humanhash:	louisiana-diet-washington-texas
File name:	SecuriteInfo.com.Trojan.Inject6.5094.9205.18749
Download:	download sample
Signature	Meterpreter Create hunting rule
File size:	7'168 bytes
First seen:	2025-11-08 12:44:28 UTC
Last seen:	2025-11-08 13:19:28 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	c2d02fc98f1d75d7b9457468ec75da0e (12 x Meterpreter, 2 x Metasploit)
ssdeep	24:eFGSG9wSjUIKMy58XZh9h9ClfAhEsIAJsj4up+:iG+ixjyeXZh9hMluEsJ44b
TLSH	T12BE100A762265CF7F6392BBD85439B8660FC773443D34B4D0A68044A51A2D19B8A5F83
TrID	27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 20.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 18.6% (.EXE) Win32 Executable (generic) (4504/4/1) 8.5% (.ICL) Windows Icons Library (generic) (2059/9) 8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	SecuriteInfoCom
Tags:	exe Meterpreter

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Trojan.Inject6.5094.9205.18749

Verdict:

No threats detected

Analysis date:

2025-11-08 12:45:15 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/4dd807eb-9f82-4f6e-b796-9cf4a640bb3d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Rozena

Link:

https://www.capesandbox.com/analysis/36520/

Detection(s):

SecuriteInfo.com.Trojan.Inject6.5094.9205.18749.UNOFFICIAL

Verdict:

Malicious

Score:

90.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=690f3b683afb53888cc9b8d0

Tags:

cobaltstrike cobalt

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

Gathering data

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/2dff71491616990e3a350ba7c1128ccfee9fa9826cfaaf92f62e1051ac63e46f

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-11-08T03:35:00Z UTC

Last seen:

2025-11-10T06:15:00Z UTC

Hits:

~10

Detections:

Trojan.Win32.CobaltStrike.gen Trojan.Win32.Shelm.c Trojan.Win32.Rekvex.sb HEUR:Trojan.Win32.Shella.gen HEUR:Trojan.Win32.Generic

Link:

https://opentip.kaspersky.com/2dff71491616990e3a350ba7c1128ccfee9fa9826cfaaf92f62e1051ac63e46f/results?tab=lookup

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/2903b816-73a2-496f-84c8-230917bba703

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/2dff71491616990e3a350ba7c1128ccfee9fa9826cfaaf92f62e1051ac63e46f

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2dff71491616990e3a350ba7c1128ccfee9fa9826cfaaf92f62e1051ac63e46f/

Verdict:

Malicious

Threat:

Family.METASPLOIT

Link:

https://tip.neiki.dev/file/2dff71491616990e3a350ba7c1128ccfee9fa9826cfaaf92f62e1051ac63e46f

Threat name:

Win32.Backdoor.Meterpreter

Status:

Malicious

First seen:

2025-11-08 08:18:55 UTC

File Type:

PE (Exe)

AV detection:

32 of 37 (86.49%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=fx7xcsiwc2mq4orvbot4ceumz7xj7kmcnt5k7exwfyifdldd4rxq._file

Verdict:

malicious

Label(s):

metasploit

Similar samples:

error

Meterpreter

Result

Malware family:

metasploit

Score:

10/10

Tags:

family:metasploit backdoor discovery trojan

Link:

https://tria.ge/reports/251108-py8v3swlgs/

Behaviour

System Location Discovery: System Language Discovery

MetaSploit

Metasploit family

Malware Config

C2 Extraction:

89.44.87.110:4444

Verdict:

Malicious

Tags:

red_team_tool cobalt_strike metasploit

YARA:

CobaltStrike_Resources_Reverse_Bin_v2_5_through_v4_x Windows_Trojan_Metasploit_4a1c4da8 Cobalt_functions

Link:

https://app.threat.zone/submission/821b1fc1-7b62-47cf-8861-9bfa6b7d9b99

Unpacked files

SH256 hash:

2dff71491616990e3a350ba7c1128ccfee9fa9826cfaaf92f62e1051ac63e46f

MD5 hash:

c41c4dbc5b59f55ecd0a0fe0a46f28f8

SHA1 hash:

dc8742bb944b97e33563bd611ced0e0062902147

Link:

https://www.unpac.me/results/364b6a71-5517-4e41-b3b7-30e7d68f4bd6/

Malware family:

Metasploit

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/2dff71491616/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CobaltStrike_Resources_Reverse_Bin_v2_5_through_v4_x Create hunting rule
Author:	gssincla@google.com
Description:	Cobalt Strike's resources/reverse.bin signature for versions 2.5 to 4.x
Reference:	https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse

Rule name:	CobaltStrike__Resources_Reverse_Bin_v2_5_through_v4_x Create hunting rule
Author:	gssincla@google.com

Rule name:	metasploit_rev_tcp_32 Create hunting rule
Author:	Javier Rascon

Rule name:	meth_peb_parsing Create hunting rule
Author:	Willi Ballenthin

Rule name:	Rozena Create hunting rule

Rule name:	Windows_Trojan_Metasploit_0cc81460 Create hunting rule
Author:	Elastic Security

Rule name:	Windows_Trojan_Metasploit_4a1c4da8 Create hunting rule
Author:	Elastic Security
Description:	Identifies Metasploit 64 bit reverse tcp shellcode.