MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1cb41ea440ba8abb3c3ae6488afb3d4719cbaed88a79e83540b45b507bda902. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Meterpreter

Vendor detections: 2

Intelligence 2 IOCs YARA 2 File information Comments

SHA256 hash:	b1cb41ea440ba8abb3c3ae6488afb3d4719cbaed88a79e83540b45b507bda902
SHA3-384 hash:	4b9291a615410b847da3bbcbe30b3a7360be482c625dee30a89ae9ada8cf9c060921c444395d00be14d72956848b7baf
SHA1 hash:	0b41bcf6d85839023d1967336e7f5cb624b07a1c
MD5 hash:	7ad54143883f0a88cd8570db330b2926
humanhash:	nitrogen-wyoming-mexico-sad
File name:	billi_4fa79931167d46f7ad70b0e5daf22b23.exe.dom_2.exe
Download:	download sample
Signature	Meterpreter Create hunting rule
File size:	73'802 bytes
First seen:	2020-05-03 17:21:55 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	481f47bbb2c9c21e108d65f52b04c448 (257 x Meterpreter, 93 x Metasploit, 33 x ShikataGaNai)
ssdeep	1536:I1JeykS6/E4ShabJx2zJv4xEacEMb+KR0Nc8QsJq39:8etS89YJv4qtEe0Nc8QsC9
Threatray	69 similar samples on MalwareBazaar
TLSH	7173C042D6C41426D2A2127D37763AB26670F5FB3640C1DE368CC9E5EBC1DB0A3663C6
Reporter	JoulK
Tags:	exe Meterpreter

Intelligence

File Origin

# of uploads :

# of downloads :

106

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.MSShellcode-7

Win.Trojan.Swrort-5710536-0

BC.Win.Trojan.Swrort-17210

Gathering data

Threat name:

Win32.Trojan.Swrort

Status:

Malicious

First seen:

2020-04-30 17:32:00 UTC

File Type:

PE (Exe)

AV detection:

30 of 31 (96.77%)

Threat level:

5/5

Verdict:

unknown

Meterpreter

278ad81624b893327658b221bc291559afc775fb5ca85e33c70901bfc45fad83

Meterpreter

32031ca4487b08af41a597da7d22c05a3d4f676c33119c057f3f4a1431217887

Meterpreter

4fb5e1b5eaa6a8f4ff3e80429adaa9f5af1dded814c724a7839f25636530d0e3

Meterpreter

619751478ce61fb0e22bafd6335a970e33d359760bcf47cbb63c6a82f9e92648

Meterpreter

662fef8b4f1d3b467039e66b6c6c415583bca1cb49adf66dbf900d4c48f35db1

Meterpreter

8255500edc6efe47b5134ce371deeae6d4704789cc9116e32efe037666d3aa10

Meterpreter

c242df091dea3595d4a87d33a7e770205efb03f63646c31ba524dc4b748b4b3f

Meterpreter

c2d9409c2209201334bd83a2e1257be8adc7506019a721abe359249dbd74eced

Meterpreter

d44ec72ea7ed650ad5ae4102ef8b60397673335a4471f2537cf6f5933cc8bf49

Meterpreter

+ 59 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Cobalt_functions Create hunting rule
Author:	@j0sm1
Description:	Detect functions coded with ROR edi,D; Detect CobaltStrike used by differents groups APT

Rule name:	Msfpayloads_msf_10 Create hunting rule
Author:	Florian Roth
Description:	Metasploit Payloads - file msf.exe
Reference:	Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Meterpreter

exe b1cb41ea440ba8abb3c3ae6488afb3d4719cbaed88a79e83540b45b507bda902

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/355043/

URLhaus

https://urlhaus.abuse.ch/url/355320/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample