MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d9df1301b7effa44c07f3bd3efccf97d4d43a1503a8b385b20f0f9374200113. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0d9df1301b7effa44c07f3bd3efccf97d4d43a1503a8b385b20f0f9374200113
SHA3-384 hash: 4ed7e4f2c61f3f5ae96dafb1ef69cdacb8d1060b8c1ef5f1dbe1e147c940f10bb8af97682f12a1d4dcfcb5c76b6495df
SHA1 hash: a4738a18a1fb108366b539252c9aa701ca67784f
MD5 hash: 759fb2238535e9b624d2cec3f6bdea42
humanhash: kansas-november-potato-island
File name:759fb2238535e9b624d2cec3f6bdea42
Download: download sample
File size:171'520 bytes
First seen:2020-11-17 12:15:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 3072:Jrc4XXDbgHXN7BnsjG4DMOkevRXglrJI:5cIXD0HXNVXOkeFM
Threatray 2 similar samples on MalwareBazaar
TLSH 82F35F69C9157B09CA8B7C7783C3DA3F39A21C83EF25095441B4BF6D0BB494B4ECA5A1
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
50
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the %temp% directory
Enabling the 'hidden' option for files in the %temp% directory
Creating a process from a recently created file
Creating a file
Using the Windows Management Instrumentation requests
Creating a window
DNS request
Sending a custom TCP request
Unauthorized injection to a recently created process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0d9df1301b7effa44c07f3bd3efccf97d4d43a1503a8b385b20f0f9374200113/
Threat name:
ByteCode-MSIL.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 19:36:12 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
18e9389fc9797fd1ad954ccf310035cd28c6f69e68279a493d495caa776ef52a
ea19c38f8a2c0eb0033242679c4bb5cc80d40ed636af56d0dc859abcba56656a
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/201117-q9vqc7c9a6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of SetWindowsHookEx
Legitimate hosting services abused for malware hosting/C2
Executes dropped EXE
Unpacked files
SH256 hash:
0d9df1301b7effa44c07f3bd3efccf97d4d43a1503a8b385b20f0f9374200113
MD5 hash:
759fb2238535e9b624d2cec3f6bdea42
SHA1 hash:
a4738a18a1fb108366b539252c9aa701ca67784f
Link:
https://www.unpac.me/results/c85acbad-ac7a-4fdc-9e33-9ce47bdc7373/
SH256 hash:
97b1053215828d07b19702cdf2e4c34c1e6ab2734bc46bcaa5386e095b0734d1
MD5 hash:
842f0e37d753ae7f64f8938ec1f30a2b
SHA1 hash:
bd4872c2a33dbd1682b9fd8e6e0ddd760b7c477a
Link:
https://www.unpac.me/results/c85acbad-ac7a-4fdc-9e33-9ce47bdc7373/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments