MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 774c3c82a6ba75819070cca4d14f0df9329ebfe5b4dbb2e61423f95281ae7e6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 774c3c82a6ba75819070cca4d14f0df9329ebfe5b4dbb2e61423f95281ae7e6d
SHA3-384 hash: 047a7eac3924820e01ae84c93d9c9b6186a18f866eeeb26db02c67f8c2fe0d35a88603b2cd0ba01ce9c68fc032b6caad
SHA1 hash: 885b9510982e0713a8f036d404c1ab23f34a7b60
MD5 hash: 3964898dbb55586bf55556ab95bf277b
humanhash: july-twelve-sodium-nuts
File name:YamyNuked.exe
Download: download sample
File size:22'215'759 bytes
First seen:2021-10-21 23:59:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash cd74c16e19de02339ba1d593de4c426e (5 x njrat)
ssdeep 393216:aIWJOAlh2pbkRCXVmrMLUWCVBuwBcfjSvNUCLGWJORkRCXVmrNAHEWryy1Cht:aI+OWQpg2mrMLYBbcbSvNe+OG2mryHEp
Threatray 41 similar samples on MalwareBazaar
TLSH T18727332437606EFAE0B94177C82C853296B1F81B1741C14B869C96A63F837B9AD7CFD1
File icon (PE):PE icon
dhash icon 60e0d42de99f8c89
Reporter JaffaCakes118
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
153
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
YamyNuked.rar
Verdict:
Malicious activity
Analysis date:
2021-10-21 23:59:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5e7d2dfc-66b7-4964-aca0-d67504b9b292

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Dropper.Bifrose-6983135-0
Create hunting rule

Win.Trojan.Bifrose-6794828-0
Create hunting rule

Win.Trojan.Bifrose-28223
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
bifrose bladabindi greyware greyware overlay packed
Link:
https://www.filescan.io/uploads/6171ff07db358dd15ed0e469/reports/e0700198-c732-4151-9217-0acc28576ce9/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Discord Token Grabber
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/874944
Signature
Antivirus / Scanner detection for submitted sample
Connects to a pastebin service (likely for C&C)
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Potentially malicious time measurement code found
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Discord Token Grabber
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 507369 Sample: YamyNuked.exe Startdate: 22/10/2021 Architecture: WINDOWS Score: 84 53 Antivirus / Scanner detection for submitted sample 2->53 55 Multi AV Scanner detection for submitted file 2->55 57 Yara detected Discord Token Grabber 2->57 59 2 other signatures 2->59 7 YamyNuked.exe 3 2->7         started        process3 file4 27 C:\Users\user\AppData\Local\Temp\main.exe, PE32+ 7->27 dropped 29 C:\Users\user\AppData\Local\...\YamyNuke.exe, PE32+ 7->29 dropped 10 main.exe 118 7->10         started        14 YamyNuke.exe 35 7->14         started        process5 file6 31 C:\Users\user\AppData\Local\...\win32wnet.pyd, PE32+ 10->31 dropped 33 C:\Users\user\AppData\Local\...\win32ui.pyd, PE32+ 10->33 dropped 35 C:\Users\user\AppData\...\win32trace.pyd, PE32+ 10->35 dropped 43 67 other files (none is malicious) 10->43 dropped 63 May check the online IP address of the machine 10->63 16 main.exe 8 10->16         started        37 C:\Users\...\_quoting_c.cp38-win_amd64.pyd, PE32+ 14->37 dropped 39 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 14->39 dropped 41 C:\Users\user\AppData\Local\...\select.pyd, PE32+ 14->41 dropped 45 23 other files (none is malicious) 14->45 dropped 65 Potentially malicious time measurement code found 14->65 21 YamyNuke.exe 1 14->21         started        23 conhost.exe 14->23         started        signatures7 process8 dnsIp9 47 pastebin.com 104.23.99.190, 443, 49788 CLOUDFLARENETUS United States 16->47 49 162.159.128.233, 443, 49806 CLOUDFLARENETUS United States 16->49 51 4 other IPs or domains 16->51 25 C:\Users\user\AppData\Local\...\Cookies2, SQLite 16->25 dropped 61 Tries to harvest and steal browser information (history, passwords, etc) 16->61 file10 signatures11
Gathering data
Threat name:
Win32.Backdoor.Bifrost
Create hunting rule
Status:
Malicious
First seen:
2021-10-22 00:00:09 UTC
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
053e7603d2776f39c17d74cd5a095d2fa4727ce019cb91274c135be4b9732358
089b3975338c69d1c8ae96cec13328459e8208c7cf9c88ce98896b90697c140b
096322b16a7395e5534e9db6752aab1bd54275515f33f993d066ec7b46ed5b3e
314f7cd6f05ec806c204001478d0498bcaed44acb7648f4961faabef6562fe47
4a70b909dbe668d0d2c5241dc582acb90c8820acb436a1ecbb620019e93fbda8
684aa3d044556d1883bed06b737a297eac301d14872e1813b0e5cd78cefaa95d
8d3c6da3f4d6513a1d38058a6cf6028e0c07210a5c0509f47150152362093636
a267a87d74e15c2b281f4268cf1e3d7e5c5586cf856549528e42d9436e04c9b9
aa7021b2e15ae62168b9734f62bd01c59f2e93be1e7937e74a599fb63360915a
da23dacc9e28905b0cc9f0724e182e8963525162b177d023c0c859e8fee09d43
+ 31 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
pyinstaller spyware stealer
Link:
https://tria.ge/reports/211022-aacemsbhbl/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Detects Pyinstaller
Enumerates physical storage devices
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/774c3c82a6ba75819070cca4d14f0df9329ebfe5b4dbb2e61423f95281ae7e6d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PyInstaller
Create hunting rule
Author:@bartblaze
Description:Identifies executable converted using PyInstaller.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 774c3c82a6ba75819070cca4d14f0df9329ebfe5b4dbb2e61423f95281ae7e6d

(this sample)

  
Delivery method
Distributed via web download

Comments