MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4c7d6d5445243f3c8d4154bba3f22e746335d8e9815c2e0c5f572ff1e4cd938. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA 9 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a4c7d6d5445243f3c8d4154bba3f22e746335d8e9815c2e0c5f572ff1e4cd938
SHA3-384 hash: 2d810e33b081efe589b1b8039f0ee5e416895923b7eff4af5f8ec79e6d2e3152abfeed6afa8d7d51d3cbc2d6f5693913
SHA1 hash: 54a4524fe4120d17c9f4177ac7700b63595031d5
MD5 hash: 99b01164daf2732840eda4213badab92
humanhash: single-alanine-arkansas-autumn
File name:sc64.bin
Download: download sample
File size:460 bytes
First seen:2026-02-22 18:16:56 UTC
Last seen:Never
File type:unknown
MIME type:application/octet-stream
ssdeep 12:ytrO1tLtaUl8RupK9UmQHshkeNDJSzmNUmh7EvudnAkeG/KID:UaKq9K9qXeNDJSqUmZEWdXCID
TLSH T1BEF0D4313700200DD5287549CD539C3BA7D589B9323638B297DC01137756F755155151
Magika mscompress
Reporter juroots
Tags:bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
32
Origin country :
IL IL
Vendor Threat Intelligence
Detection(s):
Win.Trojan.MSShellcode-6
Create hunting rule

Verdict:
Malicious
Labled as:
ShellCode.Metasploit.Marte.2.Generic
Link:
https://www.hybrid-analysis.com/sample/a4c7d6d5445243f3c8d4154bba3f22e746335d8e9815c2e0c5f572ff1e4cd938
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a4c7d6d5445243f3c8d4154bba3f22e746335d8e9815c2e0c5f572ff1e4cd938/
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=utd5nvkekjb7hsgucvf3upzc45ddgxmotak4fygf6vzp6hsm3e4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a4c7d6d5445243f3c8d4154bba3f22e746335d8e9815c2e0c5f572ff1e4cd938

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CobaltStrike_Resources_Reverse64_Bin_v2_5_through_v4_x
Create hunting rule
Author:gssincla@google.com
Description:Cobalt Strike's resources/reverse64.bin signature for versions v2.5 to v4.x
Reference:https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse
Rule name:CobaltStrike__Resources_Reverse64_Bin_v2_5_through_v4_x
Create hunting rule
Author:gssincla@google.com
Rule name:metasploit_rev_tcp_64
Create hunting rule
Author:Javier Rascon
Rule name:meth_peb_parsing
Create hunting rule
Author:Willi Ballenthin
Rule name:Windows_Trojan_Metasploit_7bc0f998
Create hunting rule
Description:Identifies the API address lookup function leverage by metasploit shellcode
Rule name:Windows_Trojan_Metasploit_7bc0f998
Create hunting rule
Author:Elastic Security
Description:Identifies the API address lookup function leverage by metasploit shellcode
Rule name:Windows_Trojan_Metasploit_91bc5d7d
Create hunting rule
Author:Elastic Security
Rule name:Windows_Trojan_Metasploit_c9773203
Create hunting rule
Description:Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.
Reference:https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm
Rule name:Windows_Trojan_Metasploit_c9773203
Create hunting rule
Author:Elastic Security
Description:Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.
Reference:https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

unknown a4c7d6d5445243f3c8d4154bba3f22e746335d8e9815c2e0c5f572ff1e4cd938

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3784039/
  
Delivery method
Distributed via web download

Comments