MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77a8054888454def0e4c13a8b864560a918bb13a0cd80c5c73f5fe9ddbc45bef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: 77a8054888454def0e4c13a8b864560a918bb13a0cd80c5c73f5fe9ddbc45bef
SHA3-384 hash: ea54e832619b55047cd6082501ff4f3e0375da168135145aa01bd1341ba97135d6c3c010f3d0fb1471b4971483031778
SHA1 hash: 0ac18d2838ce41fe0bdc2ffca98106cadfa0e9b5
MD5 hash: 8a738f0e16c427c9de68f370b2363230
humanhash: yellow-lima-beryllium-foxtrot
File name: a11.jpg.ps1.dll
File size: 42'496 bytes
First seen: 2020-09-07 09:15:00 UTC
Last seen: 2020-09-07 09:42:50 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep: 768:aqWUJLwzsc5oxrpHt4XeTpOuttpTD10x+kE9/7RP:BUGx38eTcuttVD1hT1RP
TLSH: 0813AF033370FD34D27B2A77CC9A1504077CE686BE02EB3E6D99A36A98537E40D1269D
Reporter: oppimaniac

Intelligence


File Origin
# of uploads: 2
# of downloads: 115
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2020-09-07 09:19:04 UTC
AV detection: 10 of 29 (34.48%)
Threat level: 5/5
Result
Malware family: n/a
Score: 4/10
Tags: n/a
Behaviour
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
