MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 690e1f519a5ca9a1698ae738ca06c030380779a1a989cefb6dff7025e4c5baed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA 4207 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 690e1f519a5ca9a1698ae738ca06c030380779a1a989cefb6dff7025e4c5baed
SHA3-384 hash: 2fc283f746cac3a474716cb75155194a3b66f9df448671f8b5bc7fbdf4a2b5d8aec27f9e3b7b5d80fcbf03a31eadc29b
SHA1 hash: e0f95912bb356a59909ba10e23ad1fef16879541
MD5 hash: ac31e07d1dc06fb17050dc971dea092f
humanhash: uniform-ack-west-pluto
File name:billi_cc8592ce9cc64d42856fd562c07fb4c2.exe
Download: download sample
File size:256'512 bytes
First seen:2020-05-03 17:27:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 481f47bbb2c9c21e108d65f52b04c448 (257 x Meterpreter, 93 x Metasploit, 33 x ShikataGaNai)
ssdeep 3072:WzqTC/VXu6wwe0Nc8QsCN7nshAM1PZMgvX7ID5pZqXVyC+58t0g7IK/t9s56Jkx:aqGdXu6wb0Nc8QsysPPxvMCXAgrM5Mk
Threatray 17 similar samples on MalwareBazaar
TLSH 1E449E02B9C08036C1AB127516BB6F721A7DBC726725DA8F779CCC894FB44C0A72A757
Reporter JoulK
Tags:exe Meterpreter

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Tool.MeterPreter-6294292-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Meterpreter
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 17:39:00 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
30 of 31 (96.77%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
45ccf8e379c900f0c7496e4debe1ad4550256f6162383baba5f1344e5d9ca250
5199bcc83cf3eb34e56478868237b872fe3795b3ee5b04395ac805a98425801d
62d2e3131e68b84b46765a9faa25e2173fa546fd875b99fac3422e7e02a84738
73734a1299a26708c8137b3c10bf6f8b78b2881d535451166eaf32a74cf05724
8270d45e0ff9f3bf19cb0bcaf72e21190d3c404ccd79e7b773b4ba3b915f37cd
990c81ff3bcd5d3b332e34c57462a3560c588322828d3953266e801eb4e52c2e
b13f42d26dbbe2481ff01fe2987be00bd907d203db78f5384fc12273708b4a09
ce7fab69a6c10146ac89e121fbe204ca424cd886c4763674eb2e9260b2f6b722
d27db19db72691d403d38243719346bca79efb3f81b6c44d9fd3cd9dfff83b9d
dc4e1c802da2d466553edf5214995a10c49306b9dd9d87a90385c7f20f29adca
+ 7 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ReflectiveLoader
Create hunting rule
Description:Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments