MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8445c0189735766edf0e3d01b91f6f98563fef272ac5c92d3701a1174ad072dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA 3 File information Comments

SHA256 hash:	8445c0189735766edf0e3d01b91f6f98563fef272ac5c92d3701a1174ad072dd
SHA3-384 hash:	02b0518c7c818a5179fc6b8e99897ba07943f9f4b5fc97561b13d686b149b9b4ac74f5795ea4cd822e9e873a622fd755
SHA1 hash:	930507375ac33bbb5208784ec2dbe8f25dc05df7
MD5 hash:	f0b96efe2f714e7bddf76cc90a8b8c88
humanhash:	oklahoma-romeo-oxygen-quebec
File name:	8445c0189735766edf0e3d01b91f6f98563fef272ac5c92d3701a1174ad072dd
Download:	download sample
File size:	5'330'176 bytes
First seen:	2021-07-12 07:09:05 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	93a138801d9601e4c36e6274c8b9d111 (11 x CobaltStrike, 9 x Snatch, 8 x LaplasClipper)
ssdeep	49152:B/sHYnflBMdfILfjx/x6cdR+lMO7FDY/7a1B7ykN/05l1UTDDy2j3yXBQWz5g+A2:hskHMObnpOhDY/gimTvPjl+A2
Threatray	147 similar samples on MalwareBazaar
TLSH	T1C1363B07FCA605F5C6BEF5348652A3227A7178A943313BD31F949A7A1626FE07A3D310
Reporter	JAMESWT_WT
Tags:	BIOPASS exe signed

Code Signing Certificate

Organisation:	Happytuk Co.,Ltd.
Issuer:	Symantec Class 3 SHA256 Code Signing CA
Algorithm:	sha256WithRSAEncryption
Valid from:	2018-09-06T00:00:00Z
Valid to:	2021-10-05T23:59:59Z
Serial number:	0ed4df1033393ff2af41c571a6aa19d7
Intelligence:	6 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	f78de1e59df2eac7901d4fa7d66e9818204a5c4c9b630bb2ff9439c2dea8b5b5
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

106

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

https://jquery-code.ml/Download/Browser_Plugin.exe

Verdict:

Suspicious activity

Analysis date:

2021-07-03 09:22:04 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/3fc9e83b-1ac4-42fd-8520-cf9d2129c761

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/170946/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader39.55274.28342.3784.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/df53fa8f-5f4d-4e8f-87ba-2558c6717b98

Result

Threat name:

Unknown

Detection:

suspicious

Classification:

n/a

Score:

36 / 100

Link:

https://www.joesandbox.com/analysis/814630

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8445c0189735766edf0e3d01b91f6f98563fef272ac5c92d3701a1174ad072dd/

Threat name:

Win64.Trojan.Ymacco

Status:

Malicious

First seen:

2021-06-10 08:08:20 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

22 of 46 (47.83%)

Threat level:

5/5

Verdict:

malicious

7ac0238cad41d79e2fa25d52f32f6d670aeacdbc995de3125c657ebfd9edad2a

9f34d28562e7e1e3721bbf679c58aa8f5898995ed999a641f26de120f3a42cf4

b9d0838be8952ebd4218c8f548ce94901f789ec1e32f5eaf46733f0c94c77999

ba44c22a3224c3a201202b69d86df2a78f0cd1d4ac1119eb29cae33f09027a9a

bd8dc7e3909f6663c0fff653d7afbca2b89f2e9bc6f27adaab27f640ccf52975

c8542bffc7a2074b8d84c4de5f18e3c8ced30b1f6edc13047ce99794b388285c

d18d84d32a340d20ab07a36f9e4b959495ecd88d7b0e9799399fcc4e959f536b

e4109875e84b3e9952ef362abc5b826c003b3d0b1b06d530832359906b0b8831

fb812a2ccdab0a9703e8e4e12c479ff809a72899374c1abf06aef55abbbf8edc

+ 137 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/210712-epnyrhhngx/

Behaviour

GoLang User-Agent

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Loads dropped DLL

Executes dropped EXE

Unpacked files

SH256 hash:

8445c0189735766edf0e3d01b91f6f98563fef272ac5c92d3701a1174ad072dd

MD5 hash:

f0b96efe2f714e7bddf76cc90a8b8c88

SHA1 hash:

930507375ac33bbb5208784ec2dbe8f25dc05df7

Link:

https://www.unpac.me/results/33250b16-115a-47c5-8b15-b1b6b3333768/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8445c0189735766edf0e3d01b91f6f98563fef272ac5c92d3701a1174ad072dd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	GoBinTest Create hunting rule

Rule name:	golang Create hunting rule

Rule name:	Keylog_bin_mem Create hunting rule
Author:	James_inthe_box
Description:	Contains Keylog

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/170946/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample