MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c657a0a83b60e8962a552753c3ae924772cf81a7f7100d06695432f4c117fe46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

YellowCockatoo

Vendor detections: 13

SHA256 hash: c657a0a83b60e8962a552753c3ae924772cf81a7f7100d06695432f4c117fe46
SHA3-384 hash: 9c6f2ad70c1ab3ba224738b042884e803f6209c48a6054c06e3dce144782fdcdab4ab253250c356ed2e5e1d69e213fbe
SHA1 hash: eeff505a4f4fa86c8662c0669057b9fba700cf44
MD5 hash: f885db7d9d3bd2e62cf05d6198dc80c6
humanhash: romeo-princess-lemon-muppet
File name: FABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZFGOPTnJQMIYlWR1cVMNPRpWHSYZZaGMKUVLDINPIE7NGsOBNhMjcB_OYQBCDIqUGNyzs.dll
Signature: YellowCockatoo
File size: 1'007'616 bytes
First seen: 2023-12-17 17:36:53 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: dae02f32a21e03ce65412f6e56942daa (shared with 123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep: 12288:XxAZV00WofoHXjilT1G2pZlzij7kzwnnLChCTnTnG6csEhzvFVVi33J9jInk:Xu7f0jsTV8kknGhkTGsaJVVi33J9jI
Threatray: 1 similar sample on MalwareBazaar
TLSH: T15F25370473A1C960CB2C6AE46B97DB176B28A3FBF3C9BF4D1FAE5DB5160B92444480C5
TrID: 35.4% (.EXE) Win64 Executable (generic) (10523/12/4)
      22.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      15.1% (.EXE) Win32 Executable (generic) (4505/5/1)
      6.9% (.ICL) Windows Icons Library (generic) (2059/9)
      6.8% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter: SquiblydooBlog
Tags: dll Jupyter Polazert solarmarker YellowCockatoo
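Before analysing the file pulled out of the downloaded archive, confirm it is the file this entry describes. The Python below is an added example, not MalwareBazaar's or the reporter's tooling: it recomputes the four cryptographic digests listed above with the standard library and reports which ones match. The imphash, ssdeep and TLSH values are not recomputed (they need pefile, ssdeep and py-tlsh); note also that the entry shows the imphash being shared with CobaltStrike and JanelaRAT samples, so a matching imphash is a pivot for hunting, not evidence of family. The script path `verify_sample.py` in the usage comment is an assumed name.

```python
import hashlib
import sys

# Digests exactly as listed on this MalwareBazaar entry (copied from the page).
ENTRY_HASHES = {
    "md5": "f885db7d9d3bd2e62cf05d6198dc80c6",
    "sha1": "eeff505a4f4fa86c8662c0669057b9fba700cf44",
    "sha256": "c657a0a83b60e8962a552753c3ae924772cf81a7f7100d06695432f4c117fe46",
    "sha3_384": "9c6f2ad70c1ab3ba224738b042884e803f6209c48a6054c06e3dce144782fdcdab4ab253250c356ed2e5e1d69e213fbe",
}


def compute_hashes(data: bytes) -> dict:
    """Return the digests MalwareBazaar publishes for a sample, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ENTRY_HASHES}


def verify_sample(data: bytes, expected: dict = ENTRY_HASHES) -> dict:
    """Compare each digest of `data` with the entry; returns {algorithm: matched}.

    A single mismatch means the bytes in hand are not the bytes the entry
    describes (truncated download, wrong member extracted from the archive,
    or a different build of the same family), so the vendor verdicts and YARA
    hits on this page do not apply to the file you actually have.
    """
    computed = compute_hashes(data)
    return {name: computed[name] == expected[name].lower() for name in expected}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four digests so large samples are not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ENTRY_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_file(path: str, expected: dict = ENTRY_HASHES) -> bool:
    """True only if every listed digest of the file on disk matches the entry."""
    computed = hash_file(path)
    return all(computed[name] == expected[name].lower() for name in expected)


if __name__ == "__main__":
    # Usage (assumed script name): python verify_sample.py <extracted file>
    target = sys.argv[1]
    computed = hash_file(target)
    all_ok = True
    for name, digest in computed.items():
        ok = digest == ENTRY_HASHES[name]
        all_ok &= ok
        print(f"{name:9} {digest}  {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all_ok else 1)
```

Run it against the extracted DLL and treat any non-zero exit as "not this sample": a partial match (say SHA256 agreeing but SHA3-384 not) should never happen for an unmodified file and indicates a transcription error in whichever value you typed in, not a collision.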

Intelligence

File Origin
Uploads: 1
Downloads: 349
Origin country: US
Vendor Threat Intelligence

Result
Verdict: Malware

Result
Behaviour: Searching for the window
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: polazert redcap

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Jupyter
Detection: malicious
Classification: troj
Score: 60/100
Signatures:
- Multi AV Scanner detection for submitted file
- Sample uses string decryption to hide its real strings
- Yara detected Jupyter
Behaviour graph (ID 1363654; sample IqUGNyzs.dll; start date 17/12/2023; architecture Windows; score 60): loaddll32.exe started and spawned cmd.exe and conhost.exe; cmd.exe then started rundll32.exe. Note that loaddll32.exe is the sandbox's loader for a submitted DLL, so this process tree reflects how the sandbox invoked the file rather than the malware's own delivery chain.

Result
Threat name: Win32.Spyware.Solarmarker
Status: Malicious
First seen: 2023-12-13 15:53:20 UTC
File type: PE (.Net DLL)
AV detection: 15 of 23 (65.22%)
Threat level: 2/5

Result
Malware family: jupyter
Score: 10/10
Tags: family:jupyter
Unpacked files:
SHA256 hash: c657a0a83b60e8962a552753c3ae924772cf81a7f7100d06695432f4c117fe46
MD5 hash: f885db7d9d3bd2e62cf05d6198dc80c6
SHA1 hash: eeff505a4f4fa86c8662c0669057b9fba700cf44
Detections: SolarmarkerStage2 win_solarmarker_bytecodes

Note: MalwareBazaar is no longer able to provide a coverage score for VirusTotal.
