MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02f5dd476f8df23ea9e9c5049281acc1d83a29e79c478266aa4c0ebaa659cf6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 02f5dd476f8df23ea9e9c5049281acc1d83a29e79c478266aa4c0ebaa659cf6b
SHA3-384 hash: 2ed002f5fb2870b9ecec97dad6bea89ea7253bbc799fd9d0385cadc0f4396ad2513e57013b331d9a667844b7c5e0920a
SHA1 hash: dbe2b9677b03a804ad116e78476eff2cd5e63318
MD5 hash: 7c5098b71a8270c5d652a4c49168baf4
humanhash: fifteen-zulu-beer-arkansas
File name:nova.exe
Download: download sample
File size:280'064 bytes
First seen:2020-08-13 00:03:24 UTC
Last seen:2020-08-13 00:42:20 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'743 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 6144:A+HBiP8q70wUZhrjwuBJmUr5t71sLxZ4f9XJ:NM0q7Uh/wu2EcxZ4f/
Threatray 225 similar samples on MalwareBazaar
TLSH 34545DBB72D1CA43C2542676C6F2D22043FED7432923D727E657138B8E12BED65896C8
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/44657/
Detection(s):
SecuriteInfo.com.Variant.Razy.700099.4675.5173.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Using the Windows Management Instrumentation requests
Running batch commands
Creating a file
Launching a process
Deleting of the original file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/424409
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Binary contains a suspicious time stamp
Deletes itself after installation
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/02f5dd476f8df23ea9e9c5049281acc1d83a29e79c478266aa4c0ebaa659cf6b/
Threat name:
Win32.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-08-01 04:31:17 UTC
File Type:
PE (.Net Exe)
Extracted files:
19
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
0d46f6cd2186a84326476f3d5a76b4060889d787c92cd0aa7e77eeceb1cc05b6
16824559bb29a05606e2c4abf8dcebc90af5696cfac9c0d045a13299e1f44698
1d36a49464b06e161a182dfe3b2631fac5c76556d61d401e385c235fd124f4a1
54c429599d77052c7db47b68ac4c028065c4cabe7645ced48300a3ad774414ed
6953bac97a3acd3fb014255896b3a0abc540cc5104c5b387d73c3fe795e2a059
81ae80d0dc7e949cd78a6b555c1b08ebd8ec89ecf9847f3d1c0d9790b11be355
be5e5be8981ef261f24b21b1d6b67f5041d10ecc3eb3697a67142d43e71c7ece
ead217093eb194a4c15621c50213435e6e7bb2d955a4cd38a3f20acd099fba7b
ece833b1eb93817bbbdaa4e6ae2c05da09afd81704edc29c0908af20156710c5
f8a4be5923387077b32e65cfea383db1576e5dd068b926a1e9833ff24e48fd64
+ 215 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200813-f72qdlzy6n/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Backdoor
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/02f5dd476f8df23ea9e9c5049281acc1d83a29e79c478266aa4c0ebaa659cf6b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/44657/

Comments