MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 290452bb8eb4dfcc3cfb1590c8fb1b44427a3c9f0439ad5855e35bc39537a3a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 290452bb8eb4dfcc3cfb1590c8fb1b44427a3c9f0439ad5855e35bc39537a3a3
SHA3-384 hash: 0e0f62a5e4dd9305b890f061172b966cc96969780faef4ad3395721f09481380e7199f4b277297d4df9c92e0efeb8977
SHA1 hash: 4e34494ce3adefccddf200c10c1916e26a9e630f
MD5 hash: ce6dbba6da2590a985f9412854e21cc0
humanhash: victor-cup-georgia-mirror
File name:290452bb8eb4dfcc3cfb1590c8fb1b44427a3c9f0439ad5855e35bc39537a3a3
Download: download sample
Signature CoinMiner
Create hunting rule
File size:8'757'248 bytes
First seen:2020-06-16 09:22:00 UTC
Last seen:2020-06-16 09:38:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 196608:77anBJfWMsd4/T8z+haotxVNrqEynsZtUYdQEryVJF38M3F6:an3fWMs6/++haEVAEyZYWEGS0
Threatray 33 similar samples on MalwareBazaar
TLSH E19633967D5B9506DE803A311BC663FD93E72E1A4A366423B98A3F4C4FF844199D0C2F
Reporter JAMESWT_WT
Tags:CoinMiner

Intelligence

File Origin
# of uploads :
2
# of downloads :
448
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AsyncRat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/10656/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.53661.28817.18133.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 16:42:01 UTC
File Type:
PE (Exe)
Extracted files:
11
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fecffo4owtp4yph3cwimr6y3irbhupe7aq422wcv4nn4hfjxuorq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
00383e0cef95de02bac4a4725234f5430202e33f1d80b1dd299d682590e6d2f9
CoinMiner
11123fd370dfdb5d9d5cade853fa923679377c7791bda00d2f415078e2729e65
CoinMiner
30eb8727af3b8a2f4551574c7d826e9f27480e79d242b92d392b1f64091acf12
CoinMiner
314ce9b62cecb9435d9ff2338943e4e784cbfbaf9a65dbda7fe1064f477afe41
CoinMiner
3dcdb90a6140612a5ca5e3a3e7efbc82c43766355399965a200a5753fd1273ad
CoinMiner
485fcf4c2834e20d71b6765eccd79f6b0880d6a9fdc5d3e519a943862e9b8246
CoinMiner
71bb29dfc07190aeace9d750fcb2e9a66a8abebab3c6d2c40eb0b3ce93e4c36f
CoinMiner
81429537eaee5bbddb85975b66d4726bc8f80daec6167a5d3e796ea377dd3fa6
CoinMiner
ea1213c0a684662e8305cfe1c6eeebbb12a9d1404e7571438d3730cc1df1caab
CoinMiner
f42c71d191748551be0bbb356e4dc638c60fbdc906e7d6536ed4512c5c7eab3e
CoinMiner
+ 23 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200624-zj9lcx3wvs/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_asyncrat_j1
Create hunting rule
Author:Johannes Bader @viql
Description:detects AsyncRAT

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10656/

Comments