MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99af27441ed0cf1933b2d8a329d444b6ba243399f44d0babf4a0abba95e860c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



YellowCockatoo


Vendor detections: 8



SHA256 hash: 99af27441ed0cf1933b2d8a329d444b6ba243399f44d0babf4a0abba95e860c6
SHA3-384 hash: 32e2b9cd399537b60f1b72a214b569e7a7e61364e495c20efff166a3bf3e25c5e7b7683b50b6d240c50ca3b6c2c3e02c
SHA1 hash: 95f42010ac4d9ea61818c12e56d637b829f8dc65
MD5 hash: cef8034e4baddd809b50138e11d84bf5
humanhash: fourteen-william-crazy-north
File name: install-dist64.zip
Signature: YellowCockatoo
File size: 3'905'570 bytes
First seen: 2023-12-17 17:36:20 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 49152:9Pc5MDe2BX5P0cybJGUZ4fyQe71cYeSent81TOlAy9Yct6A:9PEAe2BX5P01GZfy18ZtoTOGy9bn
TLSH: T1CF0613AC7418134EFA940F09F2D8DE1940BAD693832B5A32327439ED62D3F192F55B5B
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: SquiblydooBlog
Tags: file-pumped Jupyter Polazert solarmarker YellowCockatoo zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 230
Origin country: US
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: install-dist64.exe
Pumped file: This file is pumped (padded with junk to inflate its size past the limits of scanners and sandboxes). MalwareBazaar has de-pumped it, i.e. stripped the padding, and reports hashes for both versions.
File size: 318'230'088 bytes
SHA256 hash: 9dc4e8a0d45b04b1b4bc2df2a16aa37e5597624feed3b53a9c5ca2929a2fb6c3
MD5 hash: 457a14fa80b478c31a337ff8ef29362c
De-pumped file size: 318'220'288 bytes (vs. original size of 318'230'088 bytes)
De-pumped SHA256 hash: 45d20c732f069dc566c4beeaae60acb0b3a0369ccb3bc64e1226933a335cf5f8
De-pumped MD5 hash: a11fb43cd4cacc9eb4872adee0e14950
MIME type: application/x-dosexec
Signature: YellowCockatoo
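The pumped/de-pumped pair above shows why MalwareBazaar keeps two sets of hashes: the SHA256 of a padded sample differs from the SHA256 of the payload, so pivoting on the submitted hash alone misses other copies of the same binary padded by a different amount. The following script is an added example, not MalwareBazaar's own de-pumping code. It implements the common heuristic of treating a long trailing run of one repeated byte as padding, hashes the sample before and after stripping it, and flags the file as pumped. The threshold, the sample bytes and all function names are assumptions made for this example; the input is a constructed fake executable, not the file on this page.

```python
import hashlib

# Added example, not MalwareBazaar's own code. "File pumping" pads a malware
# binary with junk (in practice usually a long run of one repeated byte, most
# often 0x00) so that it exceeds the size limits of sandboxes and AV engines.
# De-pumping strips that padding so the real payload can be hashed and matched
# against other submissions. The threshold below is an assumption for this
# example: PE files legitimately end in short zero runs, so only a long run is
# treated as padding.
PAD_THRESHOLD = 4096


def depump(data: bytes, threshold: int = PAD_THRESHOLD) -> tuple[bytes, int]:
    """Strip a trailing run of one repeated byte if it is at least `threshold` long.

    Returns (possibly shortened data, number of bytes removed).
    """
    if not data:
        return data, 0
    pad_byte = data[-1:]                  # the value repeated at the tail
    stripped = data.rstrip(pad_byte)      # drop the whole trailing run
    removed = len(data) - len(stripped)
    if removed < threshold:
        return data, 0                    # short run: treat as real data
    return stripped, removed


def hash_summary(data: bytes) -> dict:
    """Size, SHA256 and MD5, in the shape MalwareBazaar reports them."""
    return {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def analyse(data: bytes) -> dict:
    """Hash the sample as submitted and after de-pumping, and flag pumping."""
    depumped, removed = depump(data)
    return {
        "original": hash_summary(data),
        "depumped": hash_summary(depumped),
        "bytes_removed": removed,
        "pumped": removed > 0,
    }


# Constructed sample input: a fake "executable" (MZ header plus 10 KiB of
# non-repeating bytes) followed by 20 KiB of 0x00 padding. Not a real file.
FAKE_PAYLOAD = b"MZ" + bytes(range(256)) * 40
PUMPED_SAMPLE = FAKE_PAYLOAD + b"\x00" * 20_000


if __name__ == "__main__":
    report = analyse(PUMPED_SAMPLE)
    for label in ("original", "depumped"):
        h = report[label]
        print(f"{label:9s} size={h['size']:>10} sha256={h['sha256']} md5={h['md5']}")
    print(f"pumped={report['pumped']} bytes_removed={report['bytes_removed']}")
```

Two caveats for real samples. The single-byte heuristic only catches padding made of one repeated value; junk that is random, or that is placed inside an archive member or a resource rather than at the end of the file, needs PE-aware logic (comparing the end of the last section with the file length) rather than a tail scan. And even a correct de-pump only yields the payload as the attacker built it, so the de-pumped hash is useful for correlating submissions, not for proving that the file matches some earlier unpadded build.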
Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: large-file overlay packed powershell
Threat name: Script-PowerShell.Trojan.Hulk

Status: Malicious
First seen: 2023-12-17 17:37:06 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 9 of 37 (24.32%)
Threat level: 5/5

Result
Malware family: jupyter
Score: 10/10
Tags: family:jupyter backdoor stealer trojan
Behaviour:
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices

Jupyter, SolarMarker
Please note that we are no longer able to provide a coverage score for Virus Total.
