MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9b7ef320dd7f76be9bdf12f14f0875a9f52165b989376cd1f2e2d23cdb52fe5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: f9b7ef320dd7f76be9bdf12f14f0875a9f52165b989376cd1f2e2d23cdb52fe5
SHA3-384 hash: 0c5d0692a451beed8d526a8689564a69af83b40f191f8a6c3b23f23b175fa43a5e5848fb4c48ac4eca27770dbf373904
SHA1 hash: d3e6ec1ec3701c310a31733a489753a88153909e
MD5 hash: 0d3543c663aeff15f03edf6dabad3ef1
humanhash: stream-princess-december-mississippi
File name: f9b7ef320dd7f76be9bdf12f14f0875a9f52165b989376cd1f2e2d23cdb52fe5
File size: 659'340 bytes
First seen: 2020-07-06 06:43:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4bb6c97d0fd6fbaeabdd43515fbc6b28 (17 x DCRat, 1 x NanoCore)
ssdeep: 12288:Qo4JzBT1CFKV8oDfMEztc4HNG+DQKV2a3lwITCeThz8j2umLPWPunxJhjYOtO:QnF1DfpZVorS2a39CeT+jGLPWAx4O0
Threatray: 259 similar samples on MalwareBazaar
TLSH: 0DE423814FFC28B2C49E74B532358C86BA0A6C532C2D575C8D50E86B3861D33EF9AF95
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Creating a file
Creating a process from a recently created file
Running batch commands
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Sending an HTTP GET request
DNS request
Sending a custom TCP request
Deleting a recently created file
Reading critical registry keys
Launching a service
Reading Telegram data
Setting a global event handler for the keyboard
Stealing user critical data
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-07-04 00:56:11 UTC
File Type: PE (Exe)
Extracted files: 51
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments