MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec07e202c24fd1e6ea92ddc95f14a117c5e2f8afb2c8ed6a00dafdddad599bd6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Meterpreter


Vendor detections: 11



SHA256 hash: ec07e202c24fd1e6ea92ddc95f14a117c5e2f8afb2c8ed6a00dafdddad599bd6
SHA3-384 hash: 244e357af5bf7ec7df5ceddf5186a03139fc5e80f989d31a86bf99d72fc3d0dabd2556cfbc22c6c60bbb7a7e03ae8460
SHA1 hash: 90b8a694b2e26b6e58d7bf31c1a2fa65de662528
MD5 hash: 35d50230ab5e627c2962f38afb5f5189
humanhash: pluto-monkey-mississippi-fifteen
File name: bp.bin
Signature: Meterpreter
File size: 7'680 bytes
First seen: 2026-06-11 19:41:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c2d02fc98f1d75d7b9457468ec75da0e (17 x Meterpreter, 2 x Metasploit)
ssdeep: 48:qkfjD4iEpnehthEdAzzddqRBBx0z4ODalfB:/bU4zdgB30bDW
TLSH: T135F142CAB23A1CE7F2760FBF838BE66611FE66116AA5171E0150110C2456A8E35A5F93
TrID: 33.1% (.EXE) Win64 Executable (generic) (6522/11/2)
25.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.4% (.ICL) Windows Icons Library (generic) (2059/9)
10.3% (.EXE) OS/2 Executable (generic) (2029/13)
10.1% (.EXE) Generic Win/DOS Executable (2002/3)
Magika: pebin
Reporter: skocherhan
Tags: 161-248-87-10 exe Meterpreter opendir

Intelligence


File Origin
# of uploads: 1
# of downloads: 137
Origin country: GB
Vendor Threat Intelligence
Malware configuration found for:
MetaEncoder MetaSploit
Details
Malware family:
n/a
ID:
1
File name:
exe
Verdict:
No threats detected
Analysis date:
2026-06-11 19:42:34 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
91.7%
Tags:
trojan spawn
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching cmd.exe command interpreter
Connection attempt
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
masquerade microsoft_visual_cc packed
Threat name:
Win64.Backdoor.Meterpreter
Status:
Malicious
First seen:
2026-06-08 17:50:36 UTC
File Type:
PE+ (Exe)
AV detection:
29 of 36 (80.56%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
metasploit
Similar samples:
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash:
ec07e202c24fd1e6ea92ddc95f14a117c5e2f8afb2c8ed6a00dafdddad599bd6
MD5 hash:
35d50230ab5e627c2962f38afb5f5189
SHA1 hash:
90b8a694b2e26b6e58d7bf31c1a2fa65de662528
Detections:
triage_meterpreter
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:VECT_Ransomware
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments