MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2e72444852787082d73c390cf12d82387db3707588506ab0d8a5aa9fd68e509. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Metasploit


Vendor detections: 13


Intelligence 13 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a2e72444852787082d73c390cf12d82387db3707588506ab0d8a5aa9fd68e509
SHA3-384 hash: 4f461cf71cc2cc222a9124522dc8f40c0fce3af035ecc6a55ce79d2be7294b5e4064ce9a4fa356ab4a60bde3c25d4232
SHA1 hash: 6879bc9a3dee6349dd838039a5a8d3313e580faa
MD5 hash: 794ead5feaae9777ab2d65cbd04c5104
humanhash: arizona-comet-burger-august
File name:notepad.exe
Download: download sample
Signature Metasploit
Create hunting rule
File size:7'168 bytes
First seen:2026-02-13 09:56:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c2d02fc98f1d75d7b9457468ec75da0e (11 x Meterpreter, 1 x Metasploit)
ssdeep 24:eFGSGfmYpF5knehtht6dp5raKq9KWZRCIPp:iGfmY+nehthEdTE9JZRC
Threatray 16 similar samples on MalwareBazaar
TLSH T1ABE1FCD7B2126977EB3A07BF8287C69666FD773063920B0D018404086941C5A7C70F93
TrID 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.6% (.ICL) Windows Icons Library (generic) (2059/9)
15.4% (.EXE) OS/2 Executable (generic) (2029/13)
15.2% (.EXE) Generic Win/DOS Executable (2002/3)
15.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter juroots
Tags:exe Metasploit

Intelligence

File Origin
# of uploads :
1
# of downloads :
116
Origin country :
US US
Vendor Threat Intelligence
Malware configuration found for:
MetaSploit
Details
MetaSploit
an executed command
Link:
https://research.acce.ciphertechsolutions.com/results/ece90e08-8f69-4595-9e63-58d6267944a3/
Malware family:
n/a
ID:
1
File name:
_a2e72444852787082d73c390cf12d82387db3707588506ab0d8a5aa9fd68e509.exe
Verdict:
No threats detected
Analysis date:
2026-02-13 09:59:54 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c18f1555-dec3-4f23-b814-f6ef752adc66

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/53234/
Detection(s):
Win.Trojan.MSShellcode-6
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=698ef54776589225f6664a65
Tags:
metasploit shellcode virus
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
microsoft_visual_cc packed
Link:
https://www.filescan.io/uploads/698ef540930564ff3c9f05f7/reports/64374eed-fd0e-4f87-aef3-8bf9d7e8391b/overview
Verdict:
Malicious
Labled as:
ShellCode.Metasploit.Marte.2.Generic
Link:
https://www.hybrid-analysis.com/sample/a2e72444852787082d73c390cf12d82387db3707588506ab0d8a5aa9fd68e509
Verdict:
Malicious
File Type:
exe x64
First seen:
2026-02-13T07:09:00Z UTC
Last seen:
2026-02-13T12:59:00Z UTC
Hits:
~10
Detections:
Trojan.Win64.Shelm.sb Trojan.Win32.Shelm.sb HEUR:Trojan.Win64.Shelma.a HEUR:Trojan.Win32.Generic Trojan.Win64.Shlem.sb PDM:Exploit.Win32.Generic Trojan.Win64.Shelma.b
Link:
https://opentip.kaspersky.com/a2e72444852787082d73c390cf12d82387db3707588506ab0d8a5aa9fd68e509/results?tab=lookup
Malware family:
Metasploit Framework
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b35a49d3-ae54-49d6-b3ef-2a3db3985882
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/a2e72444852787082d73c390cf12d82387db3707588506ab0d8a5aa9fd68e509
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/794ead5feaae9777ab2d65cbd04c5104
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a2e72444852787082d73c390cf12d82387db3707588506ab0d8a5aa9fd68e509/
Verdict:
Malicious
Threat:
Trojan.Win64.Shelm
Link:
https://tip.neiki.dev/file/a2e72444852787082d73c390cf12d82387db3707588506ab0d8a5aa9fd68e509
Threat name:
Win64.Exploit.MetasploitMarte
Create hunting rule
Status:
Malicious
First seen:
2026-02-13 09:57:31 UTC
File Type:
PE+ (Exe)
AV detection:
17 of 24 (70.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ultsirefe6dqqlltyoim6ewyeod5wnyhlccqnkynrjnkt7li4ueq._file
Verdict:
malicious
Label(s):
metasploit
Create hunting rule
Similar samples:
0b2d0534e1a0893d7f420a148f307f90a12f177a823c558852df9ede04ae4f95
Metasploit
141a6add7aa22399d765e3a91acf11cc7770902183d9e39734aa3e4ca854c362
Metasploit
19c3221cbbdc45fff5b609709f86169e2bfd86b1273d722dc8f0bc59d5a65704
Metasploit
4456f9a5d25296d8e6e184d50ec5355f01848263ce32e8379120a1077194a5ba
Metasploit
8df12544c4595d66adbe72a5cdfd9fdd4aca09d2825509022b244cdb16f8449d
Metasploit
error
Metasploit
+ 6 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260213-lyf9aabs2g/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
a2e72444852787082d73c390cf12d82387db3707588506ab0d8a5aa9fd68e509
MD5 hash:
794ead5feaae9777ab2d65cbd04c5104
SHA1 hash:
6879bc9a3dee6349dd838039a5a8d3313e580faa
Link:
https://www.unpac.me/results/44b8640d-5535-436a-9e96-df1ed6ff17fb/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
DriveBy Activity
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/a2e72444852787082d73c390cf12d82387db3707588506ab0d8a5aa9fd68e509

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:mal_metasploit_shellcode_windows_powershell_tcp
Create hunting rule
Author:Maxime THIEBAUT (@0xThiebaut)
Description:Detects Metasploit import-hashes from the windows/powershell_bind_tcp and windows/powershell_reverse_tcp payloads
Reference:https://blog.nviso.eu/2021/09/02/anatomy-and-disruption-of-metasploit-shellcode/
Rule name:meth_peb_parsing
Create hunting rule
Author:Willi Ballenthin
Rule name:Windows_Trojan_Metasploit_7bc0f998
Create hunting rule
Description:Identifies the API address lookup function leverage by metasploit shellcode
Rule name:Windows_Trojan_Metasploit_7bc0f998
Create hunting rule
Author:Elastic Security
Description:Identifies the API address lookup function leverage by metasploit shellcode
Rule name:Windows_Trojan_Metasploit_c9773203
Create hunting rule
Description:Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.
Reference:https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm
Rule name:Windows_Trojan_Metasploit_c9773203
Create hunting rule
Author:Elastic Security
Description:Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.
Reference:https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Metasploit

Executable exe a2e72444852787082d73c390cf12d82387db3707588506ab0d8a5aa9fd68e509

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/53234/
  
URLhaus
https://urlhaus.abuse.ch/url/3777071/
  
Delivery method
Distributed via web download

Comments