MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 450224b458d5d44cbaf62d95e18face27de776ed227ba0f7dc7e12bd07f64c9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 450224b458d5d44cbaf62d95e18face27de776ed227ba0f7dc7e12bd07f64c9b
SHA3-384 hash: 055c76e110e52df14c87462811a1d81265f27947894f03b03cb6848404b088793b9082ba7501b59f9c9f58fdceac168c
SHA1 hash: c2e557129f639b5754440c67045f0ab23f0b46a7
MD5 hash: 538f4d7d0d7ad121db2d46da31a34dd6
humanhash: seven-steak-avocado-comet
File name: 450224b458d5d44cbaf62d95e18face27de776ed227ba0f7dc7e12bd07f64c9b
File size: 2'224'640 bytes
First seen: 2020-06-03 09:04:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: baa93d47220682c04d92f7797d9224ce (139 x RiseProStealer, 26 x Xtrat, 18 x CoinMiner)
ssdeep: 49152:HtpfphvlgV556zaLMSdL29N2l08+MYw/BRGCxaSMk1JKdgo+/pUrEI9i:HtpfvNgV55maIILxJSTSZ1JKE/p9I9i
Threatray: 38 similar samples on MalwareBazaar
TLSH: 7CA533AC36529BF5E0E9017086CFD274B9770D69CF064173A25B3F2C89B6E891A73097
Reporter: raashidbhatt
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Coins
Status: Malicious
First seen: 2020-06-04 00:26:00 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 2/5
Result
Malware family: cryptbot
Score: 10/10
Tags: family:cryptbot discovery evasion spyware stealer
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up external IP address via web service
Checks BIOS information in registry
Identifies Wine through registry keys
Reads user/profile data of web browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
CryptBot
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
