MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f835857658248ec00f733146b647004a62ef97d3ad294a3d0aea62a94418a829. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Meterpreter


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f835857658248ec00f733146b647004a62ef97d3ad294a3d0aea62a94418a829
SHA3-384 hash: 317b2b970e89b37b3401bbb843749ae822c9a4993b34ac6f003344ad1c90051d1645e794046cdf0ecbee0f53ce544f14
SHA1 hash: 8c98090bb93705996a6703b5e151c2e8cddf5a37
MD5 hash: 88bd9a902c1e1f8c3f955071b0b74bb7
humanhash: aspen-pizza-edward-winner
File name:f835857658248ec00f733146b647004a62ef97d3ad294a3d0aea62a94418a829
Download: download sample
Signature Meterpreter
Create hunting rule
File size:1'092'608 bytes
First seen:2022-09-08 09:25:28 UTC
Last seen:2022-09-08 09:47:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 341ef3eec107cf8949a849080b1bfce0 (9 x XWorm, 1 x Meterpreter, 1 x RedLineStealer)
ssdeep 6144:CJ6Wqj7+RS97wCUwnJpS9wqjEtakEqC7OM+LUHDO9qS1QUW:2w9cCn+jsE6SO9l
Threatray 2'407 similar samples on MalwareBazaar
TLSH T1EA35AC590EE93C10CD5FC11DAB5F7EBC8392074A2A02B4A606EF5C5C572D68F21B5ECA
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter adrian__luca
Tags:exe Meterpreter

Intelligence

File Origin
# of uploads :
2
# of downloads :
294
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/308689/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.61634424.28053.13790.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/37037/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
swrort
Link:
https://www.filescan.io/uploads/6319b568bdec86ddb45c8661/reports/05f79740-7c4e-4f23-a1ad-768ac8df8449/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/c42adf2a-e58d-4505-a41a-c067d522e4e6
Result
Threat name:
Meterpreter
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1066979
Signature
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Multi AV Scanner detection for submitted file
Yara detected Meterpreter
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f835857658248ec00f733146b647004a62ef97d3ad294a3d0aea62a94418a829/
Threat name:
Win64.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2022-08-28 15:54:56 UTC
File Type:
PE+ (Exe)
Extracted files:
3
AV detection:
7 of 26 (26.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7a2yk5syeshmad3tgfdlmryajjro7f6tvuuuupik5jrksrayvauq._file
Verdict:
malicious
Similar samples:
054498f9520c77728c723a72e1657dd9371090e8c9ac67b53e888e5c0d03afed
Meterpreter
0a1f783975c84eb09e79a4c0c984ec8a9aa4de8deeb3b03bec3877bf4629bae5
Meterpreter
40a4f84e519d5f19e8dcdd291c0044d0f260cfec720e065bee9644b8ed2e2491
Meterpreter
5193e7d006b375ac296ea34ab8917842faf6e0eeea196ad9319ea28d8ffcab30
Meterpreter
85a13e4751a7a3dbccd46a23a441ec7838f5df8ce13f6a76e0347838200e47b9
Meterpreter
b29b0f2a27ccbb9f12363a3dde1f2d2373fdc782232f4804f0abffbb8daf9d25
Meterpreter
e53559c78dd327bd53cd47635c73d57273c3e0a809c7bee8d3353b3903d7c2ff
Meterpreter
+ 2'397 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220908-ld6y7sbdbp/
Unpacked files
SH256 hash:
f835857658248ec00f733146b647004a62ef97d3ad294a3d0aea62a94418a829
MD5 hash:
88bd9a902c1e1f8c3f955071b0b74bb7
SHA1 hash:
8c98090bb93705996a6703b5e151c2e8cddf5a37
Link:
https://www.unpac.me/results/fa2c7a18-a7f4-49fa-b8d2-fc22eb9bc701/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/f83585765824/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f835857658248ec00f733146b647004a62ef97d3ad294a3d0aea62a94418a829

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/308689/

Comments