MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba835de261dd08cdd3e57dbd214273e02d1b962342191213e223077b29370057. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: ba835de261dd08cdd3e57dbd214273e02d1b962342191213e223077b29370057
SHA3-384 hash: 2bfc1c51b8b0ff5328a8ecfc5f8e95cbce2f92e04f33defba24dd40abd7b0e8beaf59a7638c3f539dc7409c485331bca
SHA1 hash: b857f49c9b51f79203d3294456d550ed43ee57f4
MD5 hash: bae1fa9461eafc9faf451bd54830109a
humanhash: zulu-apart-tango-white
File name: 6552fa8542dfdff3191bb1e8101141bd
File size: 762'368 bytes
First seen: 2020-11-17 11:44:53 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 12288:RJWhCAlemxXGS9Wjy7ABzeMOJRyXSLviUBGJn9cV/SsRg9xi9kQhClxDe:uKyEYzKEiUBG+os+9xi9kQorD
Threatray: 22 similar samples on MalwareBazaar
TLSH: 01F4BED7A3A82F67E03DD3B959285815C3F0ED62D7A2DB4D7C9E31CE8890F418B6150A
Reporter: seifreed
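A caveat before pivoting on the imphash above: the counts next to it (tens of thousands of AgentTesla, Formbook and SnakeKeylogger samples) are the tell that it is shared by essentially every .NET executable, whose native import table contains only mscoree.dll!_CorExeMain. It identifies the runtime, not the family, so the ssdeep, TLSH and Threatray values on this entry are the similarity pivots to use instead. The Python below is an added example, not MalwareBazaar's own code: it recomputes the hash set for a downloaded sample (pass in the bytes of the unpacked file) and reimplements pefile's imphash derivation on a constructed import list to show why this particular value is generic. The import lists, the sample bytes and the helper names are assumptions; the hash values in ENTRY are the ones reported on the page.

```python
"""Verify a MalwareBazaar entry's hash set and check whether its imphash
is a usable pivot. Added example; the PE import lists below are
constructed, not parsed from the sample."""
import hashlib

# Hash set reported on this MalwareBazaar entry.
ENTRY = {
    "sha256": "ba835de261dd08cdd3e57dbd214273e02d1b962342191213e223077b29370057",
    "sha3_384": "2bfc1c51b8b0ff5328a8ecfc5f8e95cbce2f92e04f33defba24dd40abd7b0e8beaf59a7638c3f539dc7409c485331bca",
    "sha1": "b857f49c9b51f79203d3294456d550ed43ee57f4",
    "md5": "bae1fa9461eafc9faf451bd54830109a",
    "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
}

# Import table of a typical .NET executable: one native import, used by the
# loader to hand control to the CLR. Constructed here (assumption).
DOTNET_EXE_IMPORTS = [("mscoree.dll", "_CorExeMain")]


def hash_set(data: bytes) -> dict:
    """Compute the four cryptographic hashes MalwareBazaar lists per sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def mismatches(data: bytes, expected: dict) -> list:
    """Names of reported hashes that the data does not reproduce.
    An empty list means the downloaded file is the sample on the entry."""
    got = hash_set(data)
    return [k for k in got if k in expected and got[k] != expected[k].lower()]


def imphash_input(imports) -> str:
    """Canonical string that pefile hashes for the imphash: for each imported
    symbol, the lowercased DLL name with a .ocx/.sys/.dll suffix dropped,
    a dot, and the lowercased function name (ordinal-only imports become
    'ordN'; pefile's ordinal-to-name lookup for a few well-known DLLs is
    omitted here). Entries are joined with ',' in import-table order."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        stem, _, ext = lib.rpartition(".")
        if ext in ("ocx", "sys", "dll"):
            lib = stem
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the canonical import string, as pefile's get_imphash() does."""
    return hashlib.md5(imphash_input(imports).encode()).hexdigest()


def is_generic_dotnet_imphash(h: str) -> bool:
    """True when the imphash is the one every _CorExeMain-only .NET EXE has,
    i.e. it says 'managed code', not which family."""
    return h.lower() == imphash(DOTNET_EXE_IMPORTS)


if __name__ == "__main__":
    # Constructed stand-in bytes; replace with the unpacked sample's contents.
    blob = b"constructed placeholder, not the real sample"
    print("mismatching hashes:", mismatches(blob, ENTRY))
    print("imphash is generic .NET:", is_generic_dotnet_imphash(ENTRY["imphash"]))
    # A native binary with a real import table gives a value worth pivoting on.
    native = [("KERNEL32.DLL", "CreateFileW"), ("ws2_32.dll", 1)]
    print("native canonical string:", imphash_input(native))
```

When `mismatches()` returns anything for a file you downloaded from the entry, stop and re-fetch before analysing it; when `is_generic_dotnet_imphash()` is true, treat imphash matches on the entry (and on any hunting rule keyed to it) as noise.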

Intelligence

File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
- Sending a UDP request
- Creating a window
- Launching the default Windows debugger (dwwin.exe)

Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 26 / 100
Signature:
- Machine Learning detection for sample

Result
Threat name: ByteCode-MSIL.Trojan.Ymacco
Status: Malicious
First seen: 2020-11-17 11:46:06 UTC
AV detection: 24 of 28 (85.71%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- Program crash
Unpacked files (the first entry is the submitted sample itself; the other two are files extracted from it):
- SHA256 ba835de261dd08cdd3e57dbd214273e02d1b962342191213e223077b29370057, MD5 bae1fa9461eafc9faf451bd54830109a, SHA1 b857f49c9b51f79203d3294456d550ed43ee57f4
- SHA256 515d002b65380cd776f102871e7d761851461236db8db13e9689ea472b2b05bd, MD5 189f55c16df7e9eddf488835cbdc3f7e, SHA1 1a3d3d710f4291150e1c1355a879713e48e01c0d
- SHA256 c8671a87d685f2354d96f3cfcad530dfa5f3ec535a0f5ec14940d81fb857813b, MD5 b5358f677850210361f573c7d249c258, SHA1 215e06e319515d779efa88f7c05b343d6ec3f6a5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments