The provided malware hash leads to a specific variant of the Yellow Cockatoo Remote Access Trojan (RAT).
The malware’s filename is “111bc461-1ca8-43c6-97ed-911e0e69fdf8.dll,” a filename commonly seen for this Trojan.
It was compiled on September 24, 2020, which helps in tracking its deployment timeline.
The malware was first submitted to VirusTotal on October 15, 2020, more than a month after its compilation.
Critical information includes the malware’s C2 server (“gogohid[.]com”), a .dat file (“solarmarker.dat”) it drops in the AppData folder, and the threat family (Yellow Cockatoo RAT).
These findings help in blocking the malware’s communication, identifying infected workstations, and implementing proactive defenses against similar threats.
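
One way to use these indicators to identify infected workstations, as an added example that is not part of the original analysis: it matches DNS queries against the C2 domain (including subdomains, excluding lookalikes) and file-creation events against the dropped .dat file under AppData. The event format (`host`, `type`, `value`), the host names, the user path and the subdomain are assumptions constructed for the example.

```python
from pathlib import PureWindowsPath

# Indicators as written on the page (the C2 domain is defanged there).
C2_DOMAIN = "gogohid[.]com"
DROPPED_FILE = "solarmarker.dat"

def refang(indicator: str) -> str:
    """Turn a defanged indicator into its matchable, lower-case form."""
    return indicator.replace("[.]", ".").lower()

def matches_c2(query: str, c2: str = C2_DOMAIN) -> bool:
    """True for the C2 domain or a subdomain of it, not for lookalikes."""
    name = query.strip().rstrip(".").lower()
    domain = refang(c2)
    return name == domain or name.endswith("." + domain)

def is_dropped_file(path: str) -> bool:
    """True when the file name matches and a parent folder is AppData."""
    p = PureWindowsPath(path)
    parents = [part.lower() for part in p.parts[:-1]]
    return p.name.lower() == DROPPED_FILE and "appdata" in parents

def hunt(events):
    """Return {host: sorted list of indicator types seen on that host}."""
    hits = {}
    for ev in events:
        if ev["type"] == "dns" and matches_c2(ev["value"]):
            hits.setdefault(ev["host"], set()).add("c2_dns")
        elif ev["type"] == "file_create" and is_dropped_file(ev["value"]):
            hits.setdefault(ev["host"], set()).add("dropped_file")
    return {host: sorted(kinds) for host, kinds in hits.items()}

# Constructed sample telemetry: hosts, users and paths are invented.
_C2 = refang(C2_DOMAIN)
SAMPLE_EVENTS = [
    {"host": "WS-01", "type": "dns", "value": _C2.upper() + "."},
    {"host": "WS-01", "type": "file_create",
     "value": r"C:\Users\alice\AppData\Roaming\solarmarker.dat"},
    {"host": "WS-02", "type": "dns", "value": "not" + _C2},
    {"host": "WS-02", "type": "file_create", "value": r"C:\Temp\solarmarker.dat"},
    {"host": "WS-03", "type": "dns", "value": "cdn." + _C2},
]

if __name__ == "__main__":
    print(hunt(SAMPLE_EVENTS))
```

A host that shows both indicator types (WS-01 in the sample) is a stronger lead than one with a single DNS hit, so the per-host list can be used to prioritise triage.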