MalShare

SHA256 Hash	File type	Added	Source	Yara Hits
613a29eec4dddb4a9b8069f9353fcbfb884be59ea7b12899784c907aed4fb7a0	ASCII	2022-02-04 03:13:49	http://13.236.74.237:8000/PowerSploit/Privesc...	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/url [+] YRP/contentis_base64 YRP/Antivirus YRP/Misc_Suspicious_Strings YRP/escalate_priv YRP/win_token YRP/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_PowerShell_Framework_Gen4
f3423ff9877aaf7723223332c7e41d70fd31b80b140987669fac0ec32dd4025c	ASCII	2022-02-04 02:58:12	http://13.236.74.237:8000/PowerSploit/CodeExe...	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/contentis_base64 [+] YRP/inject_thread YRP/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/ps1_toolkit_Invoke_Shellcode FlorianRoth/Empire_Invoke_Shellcode
f3c0288998194f41986572e0c0ce9724ae29b45165f01887ae825b45a9880ce3	C	2022-02-04 02:57:05	http://13.236.74.237:8000/PowerSploit/CodeExe...	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/escalate_priv YRP/win_token YRP/Empire_PowerShell_Framework_Gen1 YRP/Empire_PowerShell_Framework_Gen2 YRP/Empire_PowerShell_Framework_Gen3 YRP/Empire_PowerShell_Framework_Gen4 YRP/Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen YRP/Empire_Invoke_Gen YRP/Empire_PowerShell_Framework_Gen5 FlorianRoth/Empire_PowerShell_Framework_Gen1 FlorianRoth/Empire_PowerShell_Framework_Gen2 FlorianRoth/Empire_PowerShell_Framework_Gen3 FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen FlorianRoth/Empire_Invoke_Gen FlorianRoth/Empire_PowerShell_Framework_Gen5 FlorianRoth/ps1_toolkit_Invoke_Mimikatz FlorianRoth/ps1_toolkit_Invoke_Mimikatz_RelfectivePEInjection FlorianRoth/Empire_Invoke_Mimikatz FlorianRoth/Invoke_Mimikatz FlorianRoth/Hacktool_Strings_p0wnedShell
55b994fa394b2c3402d4bb83bc54fe3df05f68df8da02330c60700ee8ad591f8	ASCII	2022-02-04 02:56:58	http://13.236.74.237:8000/PowerSploit/CodeExe...	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/Empire_Invoke_DllInjection YRP/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_Invoke_DllInjection FlorianRoth/Empire_PowerShell_Framework_Gen4
bbbd132a57d4f8f602f7a2b991afb6cfe7e01e639d2bfbbf92c448ab1e40e0d2	UTF-8	2022-02-04 00:16:33	http://23.95.137.162:80/amsi-bypass	CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 YRP/Empire_PowerShell_Framework_Gen4 [+] FlorianRoth/Empire_PowerShell_Framework_Gen4
4a61696932f036bd2f57482516fd5d8b7e2939259757f82d17ed27f6fe430794	ASCII	2022-01-05 15:00:12	User Submission	CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 YRP/Empire_PowerShell_Framework_Gen4 [+] FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/Msfpayloads_msf_ref
33f471558fcdec5a5a17d74c4af5f183c3f634292948f76b9a598458c358aa7e	ASCII	2021-12-23 17:41:23	User Submission	CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 YRP/Empire_PowerShell_Framework_Gen4 [+] FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/Msfpayloads_msf_ref
9836e6f891ad0da345c00c11cb8b195726472d125ac1d945e2bf6988ebbf87f2	ASCII	2021-11-16 16:00:44	User Submission	CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 YRP/Empire_PowerShell_Framework_Gen4 [+] FlorianRoth/Empire_PowerShell_Framework_Gen4
814ddc05e85b402a48f68a270559a1f18ae04700e259f0cbbe4499f18a9fd774	ASCII	2021-10-22 03:31:43	http://92.222.158.49/powersploit-payload	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/contentis_base64 [+] YRP/inject_thread YRP/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/ps1_toolkit_Invoke_Shellcode FlorianRoth/Empire_Invoke_Shellcode
7778f469fe8236339daa5ba3605f2980e79bbd981625edb28a29e83d198aafa5	ASCII	2021-07-24 10:00:55	User Submission	CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 YRP/Empire_PowerShell_Framework_Gen4 [+] FlorianRoth/Empire_PowerShell_Framework_Gen4
916b12c3c42a5a3531c425a1bd770e7e87ec8be4d9ef2c31b07f2e2ba0eac770	ASCII	2021-07-13 22:00:24	User Submission	CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 YRP/Empire_PowerShell_Framework_Gen4 [+] FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/Msfpayloads_msf_ref
5f71928a2a8649734263ee2db8b4f8cd732546da4560a40040b4d94c645fbd9e	ASCII	2021-06-29 12:00:53	User Submission	CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 YRP/Empire_PowerShell_Framework_Gen4 [+] FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/Msfpayloads_msf_ref
876a139b7ccae5f49f45fe17f32edbcf3c150ecb95efe3adc59f3627389a4874	ASCII	2021-06-10 14:32:32	User Submission	CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 YRP/Empire_PowerShell_Framework_Gen4 [+] FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/Msfpayloads_msf_ref
10212d48b30c8a6281a6644743d5af2d0686af8708ac7c4c9ece222cb96bddd9	ASCII	2020-04-08 14:57:41	User Submission	CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 YRP/Empire_PowerShell_Framework_Gen4 [+] FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/Msfpayloads_msf_ref
8d944540b640c1c78de1e77d4c9bd60feeac310583437aefe70db9a0cfe1dfe4	ASCII	2019-07-17 12:11:31	User Submission	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/contentis_base64 [+] YRP/Antivirus YRP/inject_thread YRP/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/ps1_toolkit_Invoke_Shellcode FlorianRoth/Empire_Invoke_Shellcode FlorianRoth/Hacktool_Strings_p0wnedShell
aba95a1b5ebc1b26cd0b4c8d37255d83b621240d4429452d4a7c5f071b1dc2fa	ASCII	2019-05-05 01:36:27	http://45.76.216.23/PowerShell/Invoke-TokenMa...	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/escalate_priv YRP/win_token YRP/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/Hacktool_Strings_p0wnedShell
14ae024e8e580904113eea52ce2a000b37b2998c2f257d3bc2cd176e8d9de1a2	C	2019-05-05 01:36:22	http://45.76.216.23/PowerShell/Invoke-Reflect...	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/escalate_priv YRP/win_token YRP/Empire_PowerShell_Framework_Gen1 YRP/Empire_PowerShell_Framework_Gen2 YRP/Empire_PowerShell_Framework_Gen3 YRP/Empire_PowerShell_Framework_Gen4 YRP/Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen YRP/Empire_Invoke_Gen FlorianRoth/Empire_PowerShell_Framework_Gen1 FlorianRoth/Empire_PowerShell_Framework_Gen2 FlorianRoth/Empire_PowerShell_Framework_Gen3 FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen FlorianRoth/Empire_Invoke_Gen FlorianRoth/ps1_toolkit_Invoke_Mimikatz FlorianRoth/ps1_toolkit_Invoke_Mimikatz_RelfectivePEInjection FlorianRoth/Empire_Invoke_Mimikatz FlorianRoth/Invoke_Mimikatz FlorianRoth/Hacktool_Strings_p0wnedShell
1e9b5c717b5e50ad3b99ffe5b0a18cb766558c651a583da2a1e383d6ca5162a6	ASCII	2019-05-04 23:51:42	http://196.52.9.47/Invoke--Shellcode.ps1	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/Antivirus YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/ps1_toolkit_Invoke_Shellcode FlorianRoth/Empire_Invoke_Shellcode FlorianRoth/Hacktool_Strings_p0wnedShell
6862000ab6dee468b61c6342f44d7ec6dbfe9cfcacd3bcd4d4442bbaba33784d	ASCII	2018-11-14 17:43:51	User Submission	CuckooSandbox/embedded_win_api YRP/domain YRP/contentis_base64 YRP/Empire_PowerShell_Framework_Gen4 [+] FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/Msfpayloads_msf_ref
617c8a5705a893a16dc3956acc2627f147471241f597505cdc8694d1856fe99c	C	2018-03-07 03:53:30	http://207.148.71.41/CodeExecution-dll.jpg	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/escalate_priv YRP/win_token YRP/Empire_PowerShell_Framework_Gen1 YRP/Empire_PowerShell_Framework_Gen2 YRP/Empire_PowerShell_Framework_Gen3 YRP/Empire_PowerShell_Framework_Gen4 YRP/Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen YRP/Empire_Invoke_Gen FlorianRoth/Empire_PowerShell_Framework_Gen1 FlorianRoth/Empire_PowerShell_Framework_Gen2 FlorianRoth/Empire_PowerShell_Framework_Gen3 FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen FlorianRoth/Empire_Invoke_Gen FlorianRoth/ps1_toolkit_Invoke_Mimikatz FlorianRoth/ps1_toolkit_Invoke_Mimikatz_RelfectivePEInjection FlorianRoth/Empire_Invoke_Mimikatz FlorianRoth/Invoke_Mimikatz FlorianRoth/Hacktool_Strings_p0wnedShell
795edc88ad1f89b9218fd03d0b48b3f5e9780d61c1919d47b554dbffb99424af	ASCII	2018-03-07 03:12:47	http://172.104.107.30/PowerSploit/Privesc/Get...	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/url [+] YRP/contentis_base64 YRP/Antivirus YRP/Misc_Suspicious_Strings YRP/escalate_priv YRP/win_token YRP/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_PowerShell_Framework_Gen4
069e5cecdd18e8ff73c434cc6508d60ac5ba8396855446832ec3f55334945c71	ASCII	2018-03-07 03:12:27	http://172.104.107.30/PowerSploit/Exfiltratio...	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/escalate_priv YRP/win_token YRP/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/Hacktool_Strings_p0wnedShell
a123b3edcfe9793541904aa85a0abc650631c2992306b83b103afdb2527bb90d	ASCII	2018-03-07 03:09:45	http://172.104.107.30/PowerSploit/Exfiltratio...	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_PowerShell_Framework_Gen4
e314f94c661a020cd027dd69894a48dfcc3bcacf31246e72d18c513fdd5aad0c	ASCII	2018-03-07 03:09:43	http://172.104.107.30/PowerSploit/Exfiltratio...	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/url [+] YRP/contentis_base64 YRP/Dropper_Strings YRP/Misc_Suspicious_Strings YRP/keylogger YRP/win_hook YRP/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_PowerShell_Framework_Gen4
457cd41fbb528812aa51bc4b31fce042cdf736281b162181d91c47733d0e9e4b	ASCII	2018-03-07 03:08:02	http://172.104.107.30/PowerSploit/CodeExecuti...	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/contentis_base64 [+] YRP/inject_thread YRP/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/ps1_toolkit_Invoke_Shellcode FlorianRoth/Empire_Invoke_Shellcode
f2bc373ee9715d1d912b833393cf2eff89e9906133b2ff393a3a6f226e5279b0	ASCII	2018-03-07 03:07:59	http://172.104.107.30/PowerSploit/CodeExecuti...	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/IP [+] YRP/url YRP/contentis_base64 YRP/Antivirus YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/ps1_toolkit_Invoke_Shellcode FlorianRoth/Empire_Invoke_Shellcode FlorianRoth/Hacktool_Strings_p0wnedShell
c81d0073c92d0b4d0cc66a4c1d64d4ca2afbe56d78eb9d9611be8055919fd8ba	C	2018-03-07 03:07:57	http://172.104.107.30/PowerSploit/CodeExecuti...	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/escalate_priv YRP/win_token YRP/Empire_PowerShell_Framework_Gen1 YRP/Empire_PowerShell_Framework_Gen2 YRP/Empire_PowerShell_Framework_Gen3 YRP/Empire_PowerShell_Framework_Gen4 YRP/Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen YRP/Empire_Invoke_Gen FlorianRoth/Empire_PowerShell_Framework_Gen1 FlorianRoth/Empire_PowerShell_Framework_Gen2 FlorianRoth/Empire_PowerShell_Framework_Gen3 FlorianRoth/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen FlorianRoth/Empire_Invoke_Gen FlorianRoth/ps1_toolkit_Invoke_Mimikatz FlorianRoth/ps1_toolkit_Invoke_Mimikatz_RelfectivePEInjection FlorianRoth/Empire_Invoke_Mimikatz FlorianRoth/Invoke_Mimikatz FlorianRoth/Hacktool_Strings_p0wnedShell
788121850fe9095492f79af631d43e342cdcf7a09d1becf97356dc97e4ae869d	ASCII	2018-03-07 03:07:54	http://172.104.107.30/PowerSploit/CodeExecuti...	CuckooSandbox/embedded_win_api YRP/powershell YRP/domain YRP/url [+] YRP/contentis_base64 YRP/Misc_Suspicious_Strings YRP/inject_thread YRP/Empire_Invoke_DllInjection YRP/Empire_PowerShell_Framework_Gen4 FlorianRoth/Empire_Invoke_DllInjection FlorianRoth/Empire_PowerShell_Framework_Gen4

Recent Searches
yrp/empire_powershell_framework_gen4
yrp/obsidium_v1304_obsidium_software
yrp/codoso_plugx_1
yrp/fsg_13
yrp/upack_v01x_v02x_dwing
yrp/orien_v1x_v2x_fisun_av_sign_by_fly_additional
yrp/excaliburv103forgotus
yrp/orienv211212fisunalexander
yrp/_pseudosigner_01_aspack_2xx_heuristic
yrp/equationgroup_toolset_apr17_eternalromance_2

Search

Recent Searches