MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43262045bd96fc272ef92a3a5ec086e7c49349f0c8167f5d1db6ccd7d514e9e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Metasploit

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	43262045bd96fc272ef92a3a5ec086e7c49349f0c8167f5d1db6ccd7d514e9e9
SHA3-384 hash:	d6a10ee89aa52e44a998b7a13401912a5392dd15c96ad5e862f9804b43f417cd632f502664ba2392e4a9b75e7841b358
SHA1 hash:	d380ef571858e2fce134e33eb8300c5f71be5b0e
MD5 hash:	3120dbbc841d2c58afce83b34b3a6d95
humanhash:	virginia-east-batman-kilo
File name:	meterpeter.exe
Download:	download sample
Signature	Metasploit Create hunting rule
File size:	73'802 bytes
First seen:	2022-02-16 15:18:32 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	481f47bbb2c9c21e108d65f52b04c448 (257 x Meterpreter, 93 x Metasploit, 33 x ShikataGaNai)
ssdeep	1536:IF8sAgr0PU95QvWQg/B4/C9Nm2C62betVpDBaA0xBDRMb+KR0Nc8QsJq39:XP+W+QgZ4O8LkPvn4de0Nc8QsC9
TLSH	T11973BF42E9C45537C2A2013E26753BB5A975F1FB3245C2DA3A4CCDF9DFC18A0A6263C6
Reporter	JAMESWT_WT
Tags:	exe Metasploit

Intelligence

File Origin

# of uploads :

# of downloads :

230

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

http://159.89.55.248:8080/aliyunbeacon.bad

Verdict:

Malicious activity

Analysis date:

2022-02-15 16:26:38 UTC

Tags:

opendir loader trojan

Link:

https://app.any.run/tasks/da6dbdfc-fa7f-4118-bb74-5855f26b62eb

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/241947/

Detection(s):

Win.Trojan.Swrort-5710536-0

BC.Win.Trojan.Swrort-17210

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Sending a custom TCP request

Creating a window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

cobalt greyware overlay packed

Link:

https://www.filescan.io/uploads/620d15f7ac8ad0468b475525/reports/2ba13750-4ca9-48f5-b649-2c9eab8313ee/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Gathering data

Result

Threat name:

Metasploit

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/940923

Signature

Antivirus / Scanner detection for submitted sample

Found stalling execution ending in API Sleep call

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Metasploit Payload

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/43262045bd96fc272ef92a3a5ec086e7c49349f0c8167f5d1db6ccd7d514e9e9/

Threat name:

Win32.Trojan.Swrort

Status:

Malicious

First seen:

2022-02-16 13:20:01 UTC

File Type:

PE (Exe)

AV detection:

27 of 28 (96.43%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=imtcarn5s36colxzfi5f5qeg47cjgspqzalh6xi5w3gnpviu5huq._file

Verdict:

malicious

Result

Malware family:

metasploit

Score:

10/10

Tags:

family:metasploit backdoor trojan

Link:

https://tria.ge/reports/220216-sp67nsdbbm/

Behaviour

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Drops file in Windows directory

MetaSploit

Malware Config

C2 Extraction:

http://mylware.ml:443/mtzueuX4EpjqnuuftWkroQiOrIysKtZwmKU5pvx_DdKTlDXph3nUdSPoXPtls2bS6l_BWuAvgjOenM3_4KcH5dj_OmFyppK8-9cPXz2wSYoA58hV8vyunFqzVXdpsmw8_0FZpmxuvb3i7

Unpacked files

SH256 hash:

43262045bd96fc272ef92a3a5ec086e7c49349f0c8167f5d1db6ccd7d514e9e9

MD5 hash:

3120dbbc841d2c58afce83b34b3a6d95

SHA1 hash:

d380ef571858e2fce134e33eb8300c5f71be5b0e

Link:

https://www.unpac.me/results/b481a9a0-2ea4-4edb-b196-df49ddda00c1/

Malware family:

Cobalt Strike

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/43262045bd96/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/43262045bd96fc272ef92a3a5ec086e7c49349f0c8167f5d1db6ccd7d514e9e9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/241947/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample