MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53f94edcd6279d8ae7b4f704b25b58ca91c70f9d5efcd107e4e5c0fc0002370d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

YellowCockatoo

Vendor detections: 3

SHA256 hash: 53f94edcd6279d8ae7b4f704b25b58ca91c70f9d5efcd107e4e5c0fc0002370d
SHA3-384 hash: d074934ddd1d54a9406154459f2b409413e08062b717947c8daf392a73f63491f720ed81baaf1758449b6debc9ce5cd0
SHA1 hash: 6630ebc137d257edab8c2b3d417b53ffa42d5483
MD5 hash: fe6e7a4572c36b4ccd45770cee2ee97d
humanhash: thirteen-tennessee-pizza-angel
File name: 8530546911.zip
Signature: YellowCockatoo
File size: 3'454'500 bytes
First seen: 2022-12-03 07:21:00 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:AclkPToIpBYHo5PFllAewm+B3bIFerS6UqPiXz6eYzxJNUtuzU:AcWPTuHondiLIFelPr3x7UaU
TLSH: T1C5F5FF8181AD6BE7E5904EEF5D191A82F382B52190D5E8824CFF732F1698CF677814E3
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1); 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: SquiblydooBlog
Tags: file-pumped Jupyter Polazert solarmarker YellowCockatoo zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 229
Origin country: US
File Archive Information

This file archive contains 46 file(s), sorted by their relevance:

File name:6
File size:308 bytes
SHA256 hash: 11726dcf1eebe23a1df5eb0ee2af39196b702eddd69083d646e4475335130b28
MD5 hash: 5ca217e52bdc6f23b43c7b6a23171e6e
MIME type:application/octet-stream
Signature YellowCockatoo
File name:32763
File size:20 bytes
SHA256 hash: 43f40dd5140804309a4c901ec3c85b54481316e67a6fe18beb9d5c0ce3a42c3a
MD5 hash: 48e064acaba0088aa097b52394887587
MIME type:application/vnd.lotus-1-2-3
Signature YellowCockatoo
File name:ICON
File size:62 bytes
SHA256 hash: c2f352fe34f0eaa70703b31279d04a7788641a767f09c870543500707f630856
MD5 hash: 6c84b3f9ef972ac3255d237612a09053
MIME type:application/octet-stream
Signature YellowCockatoo
File name:7
File size:308 bytes
SHA256 hash: 6f938aab0a03120de4ef8b27aff6ba5146226c92a056a6f04e5ec8d513ce5f9d
MD5 hash: 6be7031995bb891cb8a787b9052f6069
MIME type:application/octet-stream
Signature YellowCockatoo
File name:32761
File size:20 bytes
SHA256 hash: c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710
MD5 hash: a2baa01ccdea3190e4998a54dbc202a4
MIME type:application/vnd.lotus-1-2-3
Signature YellowCockatoo
File name:4096
File size:692 bytes
SHA256 hash: ce28bb03eda08a374750ce5be8f32f5739cfed85bf3b6d667be80938fd92615b
MD5 hash: fe522eba644ae5f88eb858b4cb3a5829
MIME type:application/octet-stream
Signature YellowCockatoo
File name:BBIGNORE.bmp
File size:478 bytes
SHA256 hash: ffb3db09da629fdfcf68d460016829a64acb62faea57c44853284fc295fd9e39
MD5 hash: 537bbb784734d9293bc1479985f149b4
MIME type:image/bmp
Signature YellowCockatoo
File name:32766
File size:20 bytes
SHA256 hash: 6e1e7738a1b6373d8829f817915822ef415a1727bb5bb7cfe809e31b3c143ac5
MD5 hash: dcaa3c032fe97281b125d0d8f677c219
MIME type:application/vnd.lotus-1-2-3
Signature YellowCockatoo
File name:BBALL.bmp
File size:498 bytes
SHA256 hash: 3b955a8390543262469dd6137117aeedca29f3932283d4e97755ac7e6b1cef2b
MD5 hash: 2e1636dc1205967b87e0a48ca4374160
MIME type:image/bmp
Signature YellowCockatoo
File name:4081
File size:244 bytes
SHA256 hash: 28ef5068f1c0a01720a8f4a6998693fb2076f9dc869d24b407636b43cf9ab939
MD5 hash: e0e483316f903a5e8a4d153d0626eecd
MIME type:application/octet-stream
Signature YellowCockatoo
File name:4086
File size:232 bytes
SHA256 hash: 8abff6773b392989daf7307590eb4ad6e16fa3f517207a2c5adc6d6ece829c4e
MD5 hash: 1e385d8c552c5f4cc45df051ae51727a
MIME type:application/x-stargallery-thm
Signature YellowCockatoo
File name:8752108c47b3c85486cdf81610557d75968d2538e71f1e364f6d7fa1da6bce3d
Pumped file: this file is pumped. MalwareBazaar has de-pumped it.
File size:315'100'480 bytes
SHA256 hash: 8752108c47b3c85486cdf81610557d75968d2538e71f1e364f6d7fa1da6bce3d
MD5 hash: 0732096091fcd4d27ebe9b01027865b0
De-pumped file size:315'094'528 bytes (Vs. original size of 315'100'480 bytes)
De-pumped SHA256 hash: ddd07611b2183b15b18cfe5c83185230abfe405eb546dd92f9451ab504f8e473
De-pumped MD5 hash: a5bddca4012fd6de1bf687f2c34a82a3
MIME type:application/x-dosexec
Signature YellowCockatoo
File name:4082
File size:476 bytes
SHA256 hash: 7e9aed90ec7a49e868d27b3b5d32f073e49b3a73984d724c7f9ac1ec82f37eeb
MD5 hash: 6ef859958e2bb534c0e86d04a0a746eb
MIME type:application/octet-stream
Signature YellowCockatoo
File name:BBNO.bmp
File size:478 bytes
SHA256 hash: e39534aff450ccb61d730b90ea3b4788957f3dad513051f3cc99306ea4f5962f
MD5 hash: d8d28d4ed4389cc7315274f7f5fe8717
MIME type:image/bmp
Signature YellowCockatoo
File name:5
File size:308 bytes
SHA256 hash: 99676c52310db365580965ea646ece86c62951bfd97ec0aae9f738a202a90593
MD5 hash: f321ad13d1c3f35a05d67773b4bc27d6
MIME type:application/octet-stream
Signature YellowCockatoo
File name:4087
File size:340 bytes
SHA256 hash: 722332742648b37e1de47d658bd08df9b0efd86b57f6fa87db0872e0d4901684
MD5 hash: 5171a90caf8678e4c786f3315e7d0147
MIME type:application/octet-stream
Signature YellowCockatoo
File name:BBOK.bmp
File size:478 bytes
SHA256 hash: c35f78ea460e7d4d733f8f47f916be6436f1808c466cc0af10ace95ed5fb736c
MD5 hash: 5f34f4622785bb3cbf03f4d25139c25f
MIME type:image/bmp
Signature YellowCockatoo
File name:32765
File size:20 bytes
SHA256 hash: a0adcedb82b57089f64e2857f97cefd6cf25f4d27eefc6648bda83fd5fef66bb
MD5 hash: 0893f6ba80d82936ebe7a8216546cd9a
MIME type:application/vnd.lotus-1-2-3
Signature YellowCockatoo
File name:32764
File size:20 bytes
SHA256 hash: ff47a48c11c234903a7d625cb8b62101909f735ad84266c98dd4834549452c39
MD5 hash: 1ae28d964ba1a2b1b73cd813a32d4b40
MIME type:application/vnd.lotus-1-2-3
Signature YellowCockatoo
File name:4089
File size:852 bytes
SHA256 hash: d9a0df5de02dd847b1955ae174120eef9436e7735a7d02947ff87c35060aadf1
MD5 hash: 692a7f98ccd221417ae4ac35553c1826
MIME type:application/octet-stream
Signature YellowCockatoo
File name:4091
File size:564 bytes
SHA256 hash: 8087b6f485dbc8b45ceed7b1120d0ca0567e5633c8dfe94041f3cac6e209b8ac
MD5 hash: 7b38e1bb059dea4e02e5c73de705d534
MIME type:application/octet-stream
Signature YellowCockatoo
File name:32762
File size:20 bytes
SHA256 hash: b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c
MD5 hash: aff0f5e372bd49ceb9f615b9a04c97df
MIME type:application/vnd.lotus-1-2-3
Signature YellowCockatoo
File name:RW
File size:313'530'000 bytes
SHA256 hash: 491c70f18f368a4a44254b88a733405dc8b9da1261ebca903cb14bcd653d635c
MD5 hash: c2885d9e0773e255b037ad9f7cc383b6
MIME type:application/octet-stream
Signature YellowCockatoo
File name:4088
File size:1'176 bytes
SHA256 hash: 9c2584c988ef763ffa5c26e39fc575a44e52b7e7b44287ba0a5cd2348984acf2
MD5 hash: f7cfcc4586293bd0d5642dab5acd12ac
MIME type:application/octet-stream
Signature YellowCockatoo
File name:4095
File size:856 bytes
SHA256 hash: 7b186924e5438e52e53f29035df7a4f31dd67f35fd1eb5473cba5405048df6e1
MD5 hash: c6e1c672551e7c63ab32b6add73e872c
MIME type:application/octet-stream
Signature YellowCockatoo
File name:4085
File size:388 bytes
SHA256 hash: 1e2813b61575c674718dbc123ae89383c613868b39d9f19a27b9c6293fd4b5e7
MD5 hash: b70fb3a96aa725907977938b2edb3c6a
MIME type:application/x-stargallery-thm
Signature YellowCockatoo
File name:32767
File size:20 bytes
SHA256 hash: 326c048595bbc72e3f989cb3b95fbf09dc83739ced3cb13eb6f03336f95d74f1
MD5 hash: a95c7c78d0a0b30b87e3c4976e473508
MIME type:application/vnd.lotus-1-2-3
Signature YellowCockatoo
File name:4
File size:308 bytes
SHA256 hash: 9d9edf87ca203ecc60b246cc783d54218dd0ce77d3a025d0bafc580995a4abd8
MD5 hash: 9929115b21c2c59348058d4190392e75
MIME type:application/octet-stream
Signature YellowCockatoo
File name:PACKAGEINFO
File size:596 bytes
SHA256 hash: 00f15537c471cfb05582dcef719cdc003932fe3a0b9d74a0897cbe1cc6ceedf9
MD5 hash: 6affbe66562ff6364d12c7c8516e6e16
MIME type:application/octet-stream
Signature YellowCockatoo
File name:4084
File size:576 bytes
SHA256 hash: 620c79ce00c5a5ad41a2f9d089f9ec577df2b6a26582b47b13c9e37fb59e0757
MD5 hash: 260661883abce15780a44e0fbf873fa9
MIME type:application/octet-stream
Signature YellowCockatoo
File name:BBRETRY.bmp
File size:478 bytes
SHA256 hash: bf5224d8ad0268449e28dbc24df64128638e098c2b7557bf533929b058df1d99
MD5 hash: 928a8af63d865b045c242a21840fcdd0
MIME type:image/bmp
Signature YellowCockatoo
File name:BBHELP.bmp
File size:478 bytes
SHA256 hash: e3a836db6d812705f3f34b505614948d46dc61bc1fe03908aaf85f53676c4193
MD5 hash: 7af64d39ef2dc82c4b65f3b54791561d
MIME type:image/bmp
Signature YellowCockatoo
File name:DATA
File size:914'944 bytes
SHA256 hash: d6b9ee79cd6704bfce46c7f52e8a9ab731712f03abf8e55c969993042e7442c2
MD5 hash: 1e663fa5c39bf2c256f41325d49707b2
MIME type:application/octet-stream
Signature YellowCockatoo
File name:DLGTEMPLATE
File size:82 bytes
SHA256 hash: 771f64afb45a9edc8c4f6c5b2039f9b32623cea53bf0cab5bf1f371cc5d1abe4
MD5 hash: db949b51eec31f37281a7fa424a3e158
MIME type:application/octet-stream
Signature YellowCockatoo
File name:3
File size:308 bytes
SHA256 hash: ee1c9c194199c320c893b367602ccc7ee7270bd4395d029f727e097634f47f8c
MD5 hash: a04c3c368cb37c07bd5f63e7e6841ebd
MIME type:application/octet-stream
Signature YellowCockatoo
File name:BBABORT.bmp
File size:478 bytes
SHA256 hash: 2ffe79a5ce4b620734d86a69c5173f4bad4beb4bddaec7b094deba85ba4cc74a
MD5 hash: 6ca37006db4e7bc3f7c5d380eef589e4
MIME type:image/bmp
Signature YellowCockatoo
File name:CODE
File size:311'296 bytes
SHA256 hash: 235a451b1aa8f044ed6a4b7f808f4b36ecc14f983fa4341d8641ebc60d237d82
MD5 hash: 47925f9b3487b583798ddd4b52825ec6
MIME type:application/octet-stream
Signature YellowCockatoo
File name:4093
File size:436 bytes
SHA256 hash: 490f9355796a96874ad9d123678a906478fd8ba86c0ceee9482acf059f5c9ddc
MD5 hash: 94e38149f6746e50defbee69e6ac66d5
MIME type:application/octet-stream
Signature YellowCockatoo
File name:BBCLOSE.bmp
File size:478 bytes
SHA256 hash: be6c59e40bf15f04f38c7df4f87ce093ae2cdef90f213b58521c520dff000c03
MD5 hash: a8539fec2d414fcfa7a7081d6812c266
MIME type:image/bmp
Signature YellowCockatoo
File name:4090
File size:1'000 bytes
SHA256 hash: e3545d8fe699de2fb1537d4fcff27e44889764416796b8bbf2f71fe5dc0b4d99
MD5 hash: a4014d691bd664f03f435c316005d79a
MIME type:application/octet-stream
Signature YellowCockatoo
File name:2
File size:308 bytes
SHA256 hash: ce19ace18e87b572e6912306776226af5b8e63959c61cde70a8ff05b3bbdcc41
MD5 hash: 2e87b3c111e3073a841775c1f8ec5a90
MIME type:application/octet-stream
Signature YellowCockatoo
File name:DVCLAL
File size:16 bytes
SHA256 hash: 88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610
MD5 hash: d8090aba7197fbf9c7e2631c750965a8
MIME type:application/octet-stream
Signature YellowCockatoo
File name:PREVIEWGLYPH.bmp
File size:246 bytes
SHA256 hash: e53b636752155553c853a19bd1972ce2f2bb196661a69eec66391454955e1a42
MD5 hash: d83f09dc09bc6c6e7f69517ee70adf55
MIME type:image/bmp
Signature YellowCockatoo
File name:4092
File size:236 bytes
SHA256 hash: 26afa355a3a2ddfa48dc66f4b1a36a6427d76fc7c4879a257331e0a1549ea3b9
MD5 hash: 505601e39da20179c44757c61913506f
MIME type:application/octet-stream
Signature YellowCockatoo
File name:4083
File size:340 bytes
SHA256 hash: 2da2a1c611ba7aafdced110f3ea2bf7d8a6f93edad178cd101e6a71ae28de721
MD5 hash: 51f1a5aa4768fb165a9a0c882a795d6d
MIME type:application/octet-stream
Signature YellowCockatoo
File name:4094
File size:996 bytes
SHA256 hash: 1842ebf764d5843e9f737302e07352e000131e0d2da2e199030ec644dd96de86
MD5 hash: 7f154c4a7c1431f947c407ff9986a3df
MIME type:application/octet-stream
Signature YellowCockatoo
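Two things in the listing above are worth reproducing on your own copy of a sample like this: the per-member digests, and the size check behind the "pumped" flag. The 3'454'500-byte zip expands to a 315'100'480-byte executable, a ratio of roughly 91:1, which is the usual sign of a file inflated with junk so that it exceeds the size limits of AV engines and sandboxes. The script below is an added example, not MalwareBazaar's own code, and the page does not describe how MalwareBazaar de-pumps. It walks a zip, records size, SHA256 and MD5 for each member, flags members whose uncompressed size is many times the archive size, and strips a trailing run of one byte value when that run is long. The 50:1 ratio threshold, the single-byte-padding heuristic and the 1 MiB minimum run are assumptions; the archive built by `build_sample_zip()` is constructed test data, not the real sample. Note the caveat visible in the listing itself: MalwareBazaar's de-pump removed only 5'952 bytes here (315'100'480 vs 315'094'528), and most of the bulk sits in the 313'530'000-byte item named RW, so a trailing-padding strip alone would not shrink this particular sample; the ratio check is the indicator that holds.

```python
"""Walk a zip sample: size and digests per member, a compression-ratio
check for members inflated far beyond the archive that carried them, and
a de-pumped copy when the inflation is a trailing run of one byte value.

Added example, not MalwareBazaar's code. Ratio threshold, padding
heuristic and minimum run length are assumptions; build_sample_zip()
returns constructed test data, not the real sample.
"""
import hashlib
import io
import zipfile
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Member:
    name: str
    size: int                       # uncompressed size as stored in the archive
    sha256: Optional[str]           # None if the member was too large to read
    md5: Optional[str]
    ratio: float                    # uncompressed size / whole-archive size
    pumped: bool                    # ratio at or above the threshold
    trailing_pad: int = 0           # run of one byte value at the end of the data
    depumped_size: Optional[int] = None
    depumped_sha256: Optional[str] = None


def digests(data: bytes) -> Tuple[str, str]:
    """SHA256 and MD5 hex digests, the two listed per member above."""
    return hashlib.sha256(data).hexdigest(), hashlib.md5(data).hexdigest()


def trailing_run(data: bytes) -> int:
    """Length of the run of the final byte value at the end of data.
    rstrip with a one-byte argument removes exactly that run, at C speed."""
    if not data:
        return 0
    return len(data) - len(data.rstrip(data[-1:]))


def depump(data: bytes, min_run: int = 1 << 20) -> bytes:
    """Drop a trailing run of one byte value if it is at least min_run long.
    Assumption: appended junk is one repeated byte (0x00 is the usual case);
    a short natural run at the end of a real file is left alone."""
    run = trailing_run(data)
    if run == 0 or run < min_run:
        return data
    return data[:-run]


def inspect_zip(blob: bytes, ratio_threshold: float = 50.0,
                min_run: int = 1 << 20, max_member: int = 1 << 30) -> List[Member]:
    """Return one Member per file in the archive held in blob."""
    archive_size = len(blob)
    out: List[Member] = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ratio = info.file_size / archive_size
            pumped = ratio >= ratio_threshold
            # Decompression-bomb guard: trust the header size, do not inflate.
            if info.file_size > max_member:
                out.append(Member(info.filename, info.file_size, None, None, ratio, pumped))
                continue
            data = zf.read(info)
            sha, md5 = digests(data)
            m = Member(info.filename, len(data), sha, md5, ratio, pumped)
            if pumped:
                m.trailing_pad = trailing_run(data)
                slim = depump(data, min_run)
                if len(slim) < len(data):
                    m.depumped_size = len(slim)
                    m.depumped_sha256 = digests(slim)[0]
            out.append(m)
    return out


def build_sample_zip(pad_len: int = 4 << 20) -> bytes:
    """Constructed test archive, not the real sample: one small member and one
    member padded with trailing NUL bytes to many times the archive size."""
    body = b"MZ" + bytes(range(256)) * 4      # stand-in payload, not a valid PE
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("CODE", bytes(range(256)) * 2)
        zf.writestr("pumped.exe", body + b"\x00" * pad_len)
    return buf.getvalue()


if __name__ == "__main__":
    for m in inspect_zip(build_sample_zip()):
        print(f"{m.name:12} {m.size:>10} ratio={m.ratio:8.1f} pumped={m.pumped} "
              f"pad={m.trailing_pad} depumped={m.depumped_size} sha256={m.sha256}")
```

Run it against a real archive with `inspect_zip(open(path, "rb").read())`. The `max_member` cap matters more than it looks: `zf.read()` inflates the whole member into memory, and a zip that lists a multi-gigabyte member is itself a way to knock over the tooling, so the declared size is checked before anything is decompressed.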
Vendor Threat Intelligence
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Drops startup file
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
