MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f77a9875dbf1a1807082117d69bdbdd14eaa112996962f613de4204db34faba7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: f77a9875dbf1a1807082117d69bdbdd14eaa112996962f613de4204db34faba7
SHA3-384 hash: 5ab1ba7dbcccddfcd937b832aa60e19195dcca90d8108a102f3238e73903f59053f35b2b996875d633deb99be25a8241
SHA1 hash: 681de106d387c41913863547c70ee66a1e9fbdc6
MD5 hash: 9a00ebe67d833edb70ed6dd0f4652592
humanhash: johnny-chicken-montana-fillet
File name: bkdr.dll
File size: 141'312 bytes
First seen: 2020-09-07 07:09:25 UTC
Last seen: 2020-09-07 07:41:10 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9a2523df745e113c44c50c554eb75d2b (1 x Lazarus)
ssdeep: 3072:WSCaLYBvRrV/faT81zidf48PbMZRj/J5j8Px:PLqvRJ/faTndf48PgZ5Q5
TLSH: B4D3F64BB2E912FBC4BB923495A76716BA72FC060735978F420067671F337E1AD2A314
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 2
# of downloads: 125
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Behaviour
Sending a UDP request
Threat name: Win64.Trojan.Ymacco
Status: Malicious
First seen: 2020-08-05 10:32:58 UTC
File Type: PE+ (Dll)
Extracted files: 1
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Gathers network information
Modifies system certificate store
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Modifies service
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
