MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54446099158a525a638b624d85af6d3530970e9050a8b34d4130d1fbbad2dba3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 3

SHA256 hash: 54446099158a525a638b624d85af6d3530970e9050a8b34d4130d1fbbad2dba3
SHA3-384 hash: 04c4be085fe5c73d62f511b498666e951fc076a5e8ed0cbef6ffe1f54cbfce0e53c719d7b89f12e2640e0b7dc21b40d5
SHA1 hash: 6cbf4a58dee7de517eeb8f584c06c19886659ab6
MD5 hash: 9109521eed2b297ef70d82dda9b06991
humanhash: low-quebec-enemy-football
File name: 7027920fa28da078139abd169a2d5a6b
File size: 5'561'848 bytes
First seen: 2020-11-17 12:46:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 223d0574dd598bea0ae79630c48ebf80 (3 x Emotet, 1 x DemonWare, 1 x CobaltStrike)
ssdeep: 98304:WAwqnWvwoPllMWHuXMWxbTqZK2I+GaH9c9oQxTdTg78IF9xcopgsF9+4A:7wqPoP1HCxb/+Gvg78IF9xcMgsbVA
Threatray: 6 similar samples on MalwareBazaar
TLSH: 69463369F8D0D6B6C0B31C3968F2DB36A62E7A740B04D56BC6C472C88D717D0BAE8C55
Reporter: seifreed

Intelligence

File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Suspicious
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Running batch commands
Creating a process with a hidden window
Deleting a recently created file
Launching a process
Creating a file
Connection attempt
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-11-17 12:51:26 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
JavaScript code in executable
Loads dropped DLL
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: PE_File_pyinstaller
Author: Didier Stevens (https://DidierStevens.com)
Description: Detect PE file produced by pyinstaller
Reference: https://isc.sans.edu/diary/21057

Rule name: PyInstaller
Author: @bartblaze
Description: Identifies executable converted using PyInstaller.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other