MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 efb57de388772c948de0d8ae04db4325caeefa010c68c81563807d9a8e870b5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Meterpreter


Vendor detections: 11


Intelligence 11 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: efb57de388772c948de0d8ae04db4325caeefa010c68c81563807d9a8e870b5a
SHA3-384 hash: a3be33fea75c864b98f653f291c9b2eb213a00fab2b68dd00b84d8c1c2940c84e5cfd6257db23ccce531457e511262a9
SHA1 hash: 94c9c85011e9c1498b653fdd7455dbcd3f06b9ae
MD5 hash: 41e5ebf9f727feead56f2fc431690329
humanhash: march-ohio-iowa-helium
File name:41e5ebf9f727feead56f2fc431690329
Download: download sample
Signature Meterpreter
Create hunting rule
File size:73'802 bytes
First seen:2021-12-18 22:04:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 481f47bbb2c9c21e108d65f52b04c448 (257 x Meterpreter, 93 x Metasploit, 33 x ShikataGaNai)
ssdeep 1536:I7U0q4xfa9zINR1hTSJk4wXyapUCzfdIbhe3Mb+KR0Nc8QsJq39:I5lSz2R1hTSJk4wXkCzfdIbhye0Nc8Qb
TLSH T11073BF4295C85136D156013E2BB63AB6D5B4F1FB3201D2993A8CCDE5EFD1CB0A26B3C6
Reporter zbetcheckin
Tags:32 exe Meterpreter

Intelligence

File Origin
# of uploads :
1
# of downloads :
246
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/215201/
Detection(s):
Win.Trojan.Swrort-5710536-0
Create hunting rule

BC.Win.Trojan.Swrort-17210
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/2548/overview
Behaviour
MalwareBazaar
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
cobalt greyware overlay packed
Link:
https://www.filescan.io/uploads/61be5ad8ec6c6c14a9e0e5d0/reports/8c78fd27-8492-4c28-a4c0-f03930594d14/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3425faf5-47e0-45d3-90e1-4659164eef9e
Result
Threat name:
Metasploit
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/909668
Signature
Antivirus / Scanner detection for submitted sample
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Metasploit Payload
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/efb57de388772c948de0d8ae04db4325caeefa010c68c81563807d9a8e870b5a/
Threat name:
Win32.Trojan.Swrort
Create hunting rule
Status:
Malicious
First seen:
2021-12-18 22:05:10 UTC
File Type:
PE (Exe)
AV detection:
27 of 28 (96.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=562x3y4io4wjjdpa3cxajw2dexfo56qbbrumqfldqb6zvduhbnna._file
Verdict:
malicious
Result
Malware family:
metasploit
Create hunting rule
Score:
  10/10
Tags:
family:metasploit backdoor trojan
Link:
https://tria.ge/reports/211218-1yx95agdhm/
Behaviour
MetaSploit
Malware Config
C2 Extraction:
188.84.244.173:4444
Unpacked files
SH256 hash:
efb57de388772c948de0d8ae04db4325caeefa010c68c81563807d9a8e870b5a
MD5 hash:
41e5ebf9f727feead56f2fc431690329
SHA1 hash:
94c9c85011e9c1498b653fdd7455dbcd3f06b9ae
Link:
https://www.unpac.me/results/e91fe3b6-9b35-48a7-81bd-93214245aed4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/efb57de388772c948de0d8ae04db4325caeefa010c68c81563807d9a8e870b5a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:metasploit_rev_tcp_32
Create hunting rule
Author:Javier Rascon

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Meterpreter

Executable exe efb57de388772c948de0d8ae04db4325caeefa010c68c81563807d9a8e870b5a

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1896737/
Cape
Cape
https://www.capesandbox.com/analysis/215201/

Comments


Avatar
zbet commented on 2021-12-18 22:04:04 UTC

url : hxxp://oreokitkat.ddns.net/downloader/shell.exe