MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8b2a71a34172076cc65f15d14ed43099a1ddf0a294ffe34c6004ae430a10317. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

YellowCockatoo
Vendor detections: 5



SHA256 hash: f8b2a71a34172076cc65f15d14ed43099a1ddf0a294ffe34c6004ae430a10317
SHA3-384 hash: 1ce8791ba0f443f2c81c0796c69d4309f93588a10fb7d10f9169526b92ff7511aed3af76fd093bb3936475c21a8fbdab
SHA1 hash: d8bc9470f380d7cc5863810ed834e0831f296661
MD5 hash: 411c42df8bb6b851d363a8669318f5fd
humanhash: mango-queen-zebra-victor
File name: Installer.zip
Signature: YellowCockatoo
File size: 17'601'898 bytes
First seen: 2024-03-05 23:36:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 393216:L7d1ETEkmpnpdtIJPAIf5MV6oub01DKYPB+yBjw1KTqdn:1STWJpdtC4Ifa9oo+oBjwR
TLSH: T11C07556B6CB3C7C46BA74567EFE1C1CF7E263B5D2A73251C406AC2CFD50A901A8598C8
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: SquiblydooBlog
Tags: file-pumped Jupyter Polazert solarmarker YellowCockatoo zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 319
Origin country: US
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: Installer.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 343'596'064 bytes
SHA256 hash: fbef401c6a7ad24640f6b6583aa0d0fa02aa895c47ab08e68b0e6e312d1b42a5
MD5 hash: 7e25fdb1932480e3e6ec31b22d08c19e
De-pumped file size: 343'587'840 bytes (vs. original size of 343'596'064 bytes)
De-pumped SHA256 hash: f88eab2db5c2441244832c79dfc55dd46ac250b74e47e8810c6fde4057457b01
De-pumped MD5 hash: 95b7f5a3d987424076c311f386a508b7
MIME type: application/x-dosexec
Signature: YellowCockatoo
Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm large-file overlay packed stealer

Threat name: ByteCode-MSIL.Spyware.Solarmarker
Status: Malicious
First seen: 2024-03-05 23:37:07 UTC
File Type: Binary (Archive)
Extracted files: 17
AV detection: 7 of 38 (18.42%)
Threat level: 2/5

Please note that we are no longer able to provide a coverage score for VirusTotal.
