MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b70d7b1731c2e5af3847a1d54d746c376f676b3ca37bc8df31d0c1eba671ba79. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b70d7b1731c2e5af3847a1d54d746c376f676b3ca37bc8df31d0c1eba671ba79
SHA3-384 hash: 1690829b5f5c24ed36c5ac7a48f262de7df59d790efbd3b3636286c2e640d83018608807254bd9ff741f954ba85d91f8
SHA1 hash: 8efe4c709c62144d720a40701d1401d8481bc71b
MD5 hash: f87e8fdf0b453a829a794fd3de47450c
humanhash: kansas-jersey-mockingbird-three
File name:malware_with_signature_Accelerate Technologies Ltd (31)
Download: download sample
File size:1'077'280 bytes
First seen:2020-08-29 08:20:11 UTC
Last seen:2020-08-29 08:36:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 85c26966142d8dfd42db038ca4d2f224
ssdeep 24576:wEWDmEtZEJIcD6ATMxEVTcqGhcD/VbbzG5a:wEcmEE1Driw
Threatray 7 similar samples on MalwareBazaar
TLSH 26352B69E70625F4E61763B1819EEB7B9B18BA558032AE7FFF4FCA08B0334123D45095
Reporter JAMESWT_WT
Tags:Accelerate Technologies Ltd

Code Signing Certificate

Organisation:Accelerate Technologies Ltd
Issuer:Sectigo RSA Code Signing CA
Algorithm:sha256WithRSAEncryption
Valid from:Mar 7 00:00:00 2020 GMT
Valid to:Mar 4 23:59:59 2021 GMT
Serial number: B3F906E5E6B2CF61C5E51BE79B4E8777
Intelligence: 35 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 2B48363D587B11F2726D343E0ED1D76A2E4ADBC4A383C30CDAE41ADE0006B224
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/52831/
Detection(s):
SecuriteInfo.com.BackDoor.Spy.3756.7372.18105.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/454178
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 279460 Sample: malware_with_signature_Acce... Startdate: 29/08/2020 Architecture: WINDOWS Score: 60 36 Antivirus / Scanner detection for submitted sample 2->36 38 Multi AV Scanner detection for submitted file 2->38 14 malware_with_signature_Accelerate Technologies Ltd (31).exe 1 2->14         started        process3 process4 16 malware_with_signature_Accelerate Technologies Ltd (31).exe 1 14->16         started        18 conhost.exe 14->18         started        process5 20 malware_with_signature_Accelerate Technologies Ltd (31).exe 1 16->20         started        process6 22 malware_with_signature_Accelerate Technologies Ltd (31).exe 1 20->22         started        process7 24 malware_with_signature_Accelerate Technologies Ltd (31).exe 1 22->24         started        process8 26 malware_with_signature_Accelerate Technologies Ltd (31).exe 1 24->26         started        process9 28 malware_with_signature_Accelerate Technologies Ltd (31).exe 1 26->28         started        process10 30 malware_with_signature_Accelerate Technologies Ltd (31).exe 1 28->30         started        process11 32 malware_with_signature_Accelerate Technologies Ltd (31).exe 1 30->32         started        process12 34 malware_with_signature_Accelerate Technologies Ltd (31).exe 1 32->34         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b70d7b1731c2e5af3847a1d54d746c376f676b3ca37bc8df31d0c1eba671ba79/
Threat name:
Win32.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-08-25 22:46:48 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
44979b3e2e49934c1b0a344711408cfe8d19c54c0c177cbc80425955b1d71b3d
46552aa0ea1419bb208ac1d67ae7c39e1573aabc82080fdff968a0c1867d0a22
a991f1aac4e086eaa96da23639f871b5629b4987a7a9203537a062075e8384e8
c1d7731ac02354dce14bf98a56a00f0b908fa2d8dcb3375bee86fa3aca8d79f7
d0d8ca50b3046b2c5a6a992a4a4308e449e897446dcfefef9d0c4640538f9965
d69389d43f6a551acba49cb72681b92fe838725f116610a81f23ef25bb6f7f24
eab1c7370e4fe2a6b0798f4c9cb2cae10297acf31788a39bdcabe78c697d9336
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/200829-ty4xxaxb32/
Behaviour
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Backdoor
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b70d7b1731c2e5af3847a1d54d746c376f676b3ca37bc8df31d0c1eba671ba79

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/52831/

Comments