MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad28a67a8f31c9cc363e1dd27ea9e226de97ead72ca696a7911b8d65b4e9a8fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3


SHA256 hash: ad28a67a8f31c9cc363e1dd27ea9e226de97ead72ca696a7911b8d65b4e9a8fc
SHA3-384 hash: 050af35fdc40881d6abcc983ad641929769fde13b2ee8aba83e5387546316774db04768dc8a8553be19aad11df9ddaab
SHA1 hash: e945b4dcf9e82a57abd50d06a4cb28bbc34cb32a
MD5 hash: 02f1aa1bfae7f3f070416fbb32236b78
humanhash: twelve-steak-south-johnny
File name: 8109f3c3c81af8f1356e604b491dd061
File size: 5'810'176 bytes
First seen: 2020-11-17 11:54:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 93a138801d9601e4c36e6274c8b9d111 (11 x CobaltStrike, 9 x Snatch, 8 x LaplasClipper)
ssdeep: 98304:JIE+0OHR3l/5bvshSQ0tc1H0os+At7bkPOA986Dn8MjEu65KI:Jy0c1ShwGHCbE9jD8Fu65
Threatray: 40 similar samples on MalwareBazaar
TLSH: BA468C50F9DF64F5EB83463049B6A27F7334A1098325DFC3DA448EABF8576D60A32252
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness: (none reported)
Behaviour:
- DNS request
- Sending an HTTP GET request
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-11-17 11:57:05 UTC
AV detection: 17 of 28 (60.71%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour:
- GoLang User-Agent
- Looks up external IP address via web service
Unpacked files
SHA256 hash: ad28a67a8f31c9cc363e1dd27ea9e226de97ead72ca696a7911b8d65b4e9a8fc
MD5 hash: 02f1aa1bfae7f3f070416fbb32236b78
SHA1 hash: e945b4dcf9e82a57abd50d06a4cb28bbc34cb32a
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Keylog_bin_mem
Author: James_inthe_box
Description: Contains Keylog

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other