MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba00fdc92ceaa66612cda52a770bda7961f8cee511e714b6db208583e9f40729. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: YellowCockatoo
Vendor detections: 7

SHA256 hash: ba00fdc92ceaa66612cda52a770bda7961f8cee511e714b6db208583e9f40729
SHA3-384 hash: cc1c32de4243006ad807304036e361d3c7855249ffba73499d30b479c6ce6a907c03eef9dbdb60005fb0f72b028f1f42
SHA1 hash: 0b84d93d4e1611730c5f23e09b137af1b9757578
MD5 hash: fa07b1b0d82a8de8ba2033de4f4f4280
humanhash: mexico-mobile-undress-solar
File name: install-x86.zip
Signature: YellowCockatoo
File size: 2'619'094 bytes
First seen: 2024-06-04 18:35:10 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:DP9S08M5hS6685MettI6/JBc8SsKe8JbUWUOPdfHB:BS08M5hSNEtP/TL1KH1U4d5
TLSH: T173C544BD6C8771ABA0EB3DE22C58C4BB01B7953DF9CE1E84607681C9C2195BBF12146D
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1); 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: SquiblydooBlog
Tags: file-pumped Jupyter Plus 5 XP Corporation Polazert solarmarker YellowCockatoo zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 463
Origin country: US
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: install-x86.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 320'184'360 bytes
SHA256 hash: 96512386ea92612cd3c09c377f6a62e1df7a940ce4e46ca5562d75a1017413c9
MD5 hash: 0435a86a984c46c27a96f0ef45c8f195
De-pumped file size: 320'179'712 bytes (vs. original size of 320'184'360 bytes)
De-pumped SHA256 hash: 6643d73332e1dcb6a2c7166187512f8b3d2cc331ad068650096ace8835d2258c
De-pumped MD5 hash: 90e58ebc8360ad718d9d54b07a1ba28c
MIME type: application/x-dosexec
Signature: YellowCockatoo
Vendor Threat Intelligence

Result
Verdict: Malicious
File Type: ZIP File - Malicious
Behaviour: SuspiciousEmbeddedObjects detected

Result
Threat name: Win32.Trojan.Malgent
Status: Malicious
First seen: 2024-06-04 18:36:06 UTC
File Type: Binary (Archive)
Extracted files: 9
AV detection: 9 of 38 (23.68%)
Threat level: 5/5

Result
Malware family: jupyter
Score: 10/10
Tags: family:jupyter backdoor stealer trojan
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Jupyter, SolarMarker
Malware Config
C2 Extraction: 68.233.238.123

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.