MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d0f98d16ea2647123fa9014a0a0e30968d1c58c9735b077473d44a7632ec90c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

YellowCockatoo

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	4d0f98d16ea2647123fa9014a0a0e30968d1c58c9735b077473d44a7632ec90c
SHA3-384 hash:	43aeafa8a2cb4f204873e068467e73a6bab3a46647e7d127586ca790d25c8e15c4837f199158f3e48efbfafaf8d93c85
SHA1 hash:	46345fdcb0002b3e752d20371f3f666447ee8a23
MD5 hash:	6672c71316870f518ea0c06b67b30e5e
humanhash:	spring-quiet-muppet-bakerloo
File name:	installer-release.exe.zip
Download:	download sample
Signature	YellowCockatoo Create hunting rule
File size:	3'954'579 bytes
First seen:	2023-10-05 07:32:24 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	49152:hzgUM3Ys8O1B9Us4nyf/UxpSAykJIGXRHPfUGd/k:hzg7YbO1B9UFOMxpRyXORHP8Gds
TLSH	T15206452E5C749892495B6CCC832E7EA75735F01BEE7A339D24A02C391CA93D516C27EC
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	SquiblydooBlog
Tags:	file-pumped Jupyter Polazert solarmarker YellowCockatoo zip

Intelligence

File Origin

# of uploads :

# of downloads :

126

Origin country :

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	installer-release.exe
Pumped file	This file is pumped. MalwareBazaar has de-pumped it.
File size:	317'774'416 bytes
SHA256 hash:	b55b93ec2e7b962840adfacb4e6007c620f6e7fc9a1289825b44b1376a5cc081
MD5 hash:	71b88c84cdde82e0493022d22c933857
De-pumped file size:	317'764'608 bytes (Vs. original size of 317'774'416 bytes)
De-pumped SHA256 hash:	7f61d63406a2aec26413da0eeab5c4fb6717717e5d015d76d34337ee93dc0173
De-pumped MD5 hash:	e491a9dc81e81fb9393cca96c8b7d699
MIME type:	application/x-dosexec
Signature	YellowCockatoo

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PackedNET.972-1.UNOFFICIAL

Result

Verdict:

Unknown

File Type:

PE File

Link:

https://app.docguard.net/4d0f98d16ea2647123fa9014a0a0e30968d1c58c9735b077473d44a7632ec90c/results/dashboard

Gathering data

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/4d0f98d16ea2647123fa9014a0a0e30968d1c58c9735b077473d44a7632ec90c

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/4d0f98d16ea2647123fa9014a0a0e30968d1c58c9735b077473d44a7632ec90c

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4d0f98d16ea2647123fa9014a0a0e30968d1c58c9735b077473d44a7632ec90c/

Threat name:

Binary.Trojan.Hulk

Status:

Malicious

First seen:

2023-10-05 07:33:07 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

5 of 38 (13.16%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=juhzruloujshci72sakkbihdbfundrmms423a52hhvckoyzozega._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/231005-jletksbd26/

Behaviour

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

solarmarker

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4d0f98d16ea2647123fa9014a0a0e30968d1c58c9735b077473d44a7632ec90c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample