MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f857356716201ad76f53ff847644b230f54859c442f6f0ff35c2dc5ee2879374. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

YellowCockatoo

Vendor detections: 8



SHA256 hash: f857356716201ad76f53ff847644b230f54859c442f6f0ff35c2dc5ee2879374
SHA3-384 hash: 7a766b7724c7ace4bdb63129a69a64ab44ec33dc82322f9f3f91160faf101e14d5ce9a88cf037742d085579bb8de52d1
SHA1 hash: 267b4c02465b5cfc1cf82f917aecdf558a9df8e7
MD5 hash: 1aecf6172176ca3834617162b5d5cf17
humanhash: apart-winter-nine-winter
File name: installer-bundle.zip
Signature: YellowCockatoo
File size: 2'999'684 bytes
First seen: 2024-05-09 14:37:43 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:krgcduPD6Rgv9oB1KCHZfuXn5ip1k9FtNOaQTjrjcMr1aCdifcuhu241:3cdwm2loB1KGZfK5OJdf9ach
TLSH: T131D5AB333D683B368D70C5309D9BA9F01AB59010ECE86BDB4B161A89DD76CDD1CB98E1
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: SquiblydooBlog
Tags: file-pumped Jupyter Polazert solarmarker YellowCockatoo zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 464
Origin country: US
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: installer-bundle.exe
Pumped file: This file is pumped (inflated with filler bytes so that its size exceeds the limits many AV scanners and sandboxes apply). MalwareBazaar has de-pumped it.
File size: 310'211'120 bytes
SHA256 hash: 6c59f4f268f1ce1d85cdf9169e81464bb950ec572ea1e3ab9cc4ff4a75589435
MD5 hash: 8681810e6e93e8fead8a415e1b38c8c2
De-pumped file size: 310'206'464 bytes (vs. original size of 310'211'120 bytes)
De-pumped SHA256 hash: d6706462228041cea3b796647bb6840f71099faf5a6f7f248295af43fd758069
De-pumped MD5 hash: 5cb283917b711e9fe67e015a04cb1fc6
MIME type: application/x-dosexec
Signature: YellowCockatoo
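The archive above is a textbook pumped sample: a 310'211'120-byte executable that fits in a 2'999'684-byte zip (roughly 103:1), because long runs of a single filler byte compress to almost nothing. The script below is an added triage example, not MalwareBazaar's own de-pumping code. It first reads only the zip central directory to flag members with an implausible compression ratio (so nothing is inflated before you decide to), then de-pumps a member by stripping a trailing run of the byte it ends with, and hashes both the pumped and de-pumped forms so they can be compared against the two hashes a database lists. The sample zip is constructed inline; the ratio threshold, the minimum pad run and the size cap are assumptions. Note that the de-pumped size on this page is only 4'656 bytes smaller than the original, so most of this sample's inflation is evidently not a trailing run and this heuristic would not reproduce the listed de-pumped hash; treat that hash as MalwareBazaar's result, not something the script recomputes.

```python
# Added example (not MalwareBazaar's code): triage of a pumped zip member.
import hashlib
import io
import zipfile

PUMP_RATIO_THRESHOLD = 50.0           # assumption: real installers rarely compress this well
MIN_PAD_RUN = 4096                    # assumption: shorter trailing runs are ordinary overlay data
MAX_MEMBER_BYTES = 512 * 1024 * 1024  # assumption: refuse to inflate anything larger (zip-bomb guard)

# Constructed stand-in for installer-bundle.exe: a fake PE header, a short body,
# then 1 MiB of 0x00 filler appended the way a pumped sample is built.
PAYLOAD = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"constructed stand-in for installer-bundle.exe"
PUMPED = PAYLOAD + b"\x00" * (1024 * 1024)


def build_sample_zip() -> bytes:
    """Return a constructed installer-bundle.zip holding the pumped payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("installer-bundle.exe", PUMPED)
    return buf.getvalue()


def hashes(data: bytes) -> dict:
    """SHA256 and MD5 of a buffer, the two hashes the database entry lists."""
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "md5": hashlib.md5(data).hexdigest()}


def archive_members(zip_bytes: bytes) -> list:
    """Per-member sizes and compression ratio taken from the central directory only.

    Nothing is decompressed here, so a hostile archive cannot exhaust memory at
    this stage. A very high ratio is the cheapest pumping tell.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = []
        for info in zf.infolist():
            if info.compress_size:
                ratio = info.file_size / info.compress_size
            else:
                ratio = float("inf") if info.file_size else 0.0  # empty entries are not suspect
            members.append({
                "name": info.filename,
                "uncompressed": info.file_size,
                "compressed": info.compress_size,
                "ratio": ratio,
                "suspect_pumped": ratio >= PUMP_RATIO_THRESHOLD,
            })
        return members


def depump(data: bytes) -> bytes:
    """Strip a trailing run of whatever byte the file ends with.

    Only a run of at least MIN_PAD_RUN bytes is treated as filler, so a short
    legitimate overlay is not truncated. Filler placed inside a PE section
    rather than appended to the file is not detected by this heuristic.
    """
    if not data:
        return data
    stripped = data.rstrip(data[-1:])
    if stripped and len(data) - len(stripped) >= MIN_PAD_RUN:
        return stripped
    return data


def analyze_zip(zip_bytes: bytes) -> list:
    """De-pump and hash every suspect member that is under the size cap."""
    results = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for member in archive_members(zip_bytes):
            if not member["suspect_pumped"] or member["uncompressed"] > MAX_MEMBER_BYTES:
                continue
            pumped = zf.read(member["name"])
            depumped = depump(pumped)
            results.append({
                "name": member["name"],
                "ratio": member["ratio"],
                "pumped_size": len(pumped),
                "depumped_size": len(depumped),
                "pumped": hashes(pumped),
                "depumped": hashes(depumped),
            })
    return results


if __name__ == "__main__":
    for r in analyze_zip(build_sample_zip()):
        print(f"{r['name']}: ratio {r['ratio']:.0f}:1, "
              f"{r['pumped_size']} -> {r['depumped_size']} bytes")
        print("  pumped   sha256", r["pumped"]["sha256"])
        print("  depumped sha256", r["depumped"]["sha256"])
```

The practical point for IOC handling: the hash of a pumped file is a weak indicator, because the operator can change the amount of filler per victim at no cost and every copy then has a fresh SHA256 and MD5. Match on the de-pumped hash, or on structural fingerprints such as ssdeep, TLSH or the PE import hash, and keep the size-cap check in place so a de-pumping pipeline cannot itself be used as a decompression-bomb target.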
Vendor Threat Intelligence

Result
Verdict: Malicious
File Type: ZIP File - Malicious
Behaviour: SuspiciousEmbeddedObjects detected
Result
Threat name: Script-PowerShell.Trojan.Hulk
Status: Malicious
First seen: 2024-05-09 14:38:05 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 9 of 38 (23.68%)
Threat level: 5/5

Result
Malware family: jupyter
Score: 10/10
Tags: family:jupyter backdoor stealer trojan
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory

Result
Malware family: Jupyter, SolarMarker
Malware Config
C2 Extraction: 146.70.158.83

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments