MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd85f2a62aad6565640751d0454f1cdb86d0dcdc21a465418cf5833ee5f68322. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Meterpreter

Vendor detections: 6

Intelligence 6 IOCs YARA 2 File information Comments

SHA256 hash:	bd85f2a62aad6565640751d0454f1cdb86d0dcdc21a465418cf5833ee5f68322
SHA3-384 hash:	bca7faee95001e3428b1bddbedba43caaa99c91eaf8f937bca5d5ed192a7e5d95fb89de5e2715a745f51352fbb57b911
SHA1 hash:	534fbcfb6d7ea8665c9a76dc8d467a3385b7d425
MD5 hash:	e106e3b19607ed2c2cb2af0ac5d1b27d
humanhash:	venus-dakota-winter-lamp
File name:	e106e3b19607ed2c2cb2af0ac5d1b27d
Download:	download sample
Signature	Meterpreter Create hunting rule
File size:	73'802 bytes
First seen:	2021-06-24 08:17:13 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	481f47bbb2c9c21e108d65f52b04c448 (257 x Meterpreter, 93 x Metasploit, 33 x ShikataGaNai)
ssdeep	1536:IIm/fQHvvhKj55UDOzSDJSAFg3aMb+KR0Nc8QsJq39:+2otj1AEae0Nc8QsC9
TLSH	D773CF42EAC45530C1A5127A27753A7A5D74F4F63306C19A768CCCE9DBD28F0A36B3CA
Reporter	zbetcheckin
Tags:	32 exe Meterpreter

Intelligence

File Origin

# of uploads :

# of downloads :

120

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

e106e3b19607ed2c2cb2af0ac5d1b27d

Verdict:

Suspicious activity

Analysis date:

2021-06-24 08:21:05 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/38e854c1-0c5c-4e20-832f-45d5ed115d12

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/167897/

Detection(s):

Win.Trojan.Swrort-5710536-0

BC.Win.Trojan.Swrort-17210

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/e4c83b0c-dbd0-4198-b1a1-921343ca0499

Result

Threat name:

Metasploit

Detection:

malicious

Classification:

troj

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/807262

Signature

Antivirus / Scanner detection for submitted sample

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Metasploit Payload

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bd85f2a62aad6565640751d0454f1cdb86d0dcdc21a465418cf5833ee5f68322/

Threat name:

Win32.Trojan.Swrort

Status:

Malicious

First seen:

2021-06-16 06:58:00 UTC

AV detection:

42 of 46 (91.30%)

Threat level:

5/5

Verdict:

unknown

Result

Malware family:

metasploit

Score:

10/10

Tags:

family:metasploit backdoor trojan

Link:

https://tria.ge/reports/210624-kjhvfvxsm6/

Behaviour

MetaSploit

Malware Config

C2 Extraction:

192.168.1.11:1234

Unpacked files

SH256 hash:

bd85f2a62aad6565640751d0454f1cdb86d0dcdc21a465418cf5833ee5f68322

MD5 hash:

e106e3b19607ed2c2cb2af0ac5d1b27d

SHA1 hash:

534fbcfb6d7ea8665c9a76dc8d467a3385b7d425

Link:

https://www.unpac.me/results/cfa48aed-ef6f-4258-8cbc-52a0cc331402/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/bd85f2a62aad6565640751d0454f1cdb86d0dcdc21a465418cf5833ee5f68322

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Cobalt_functions Create hunting rule
Author:	@j0sm1
Description:	Detect functions coded with ROR edi,D; Detect CobaltStrike used by differents groups APT