MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ec2a270a9b0e335fb6ecf9d313e02771acad023d7a1a6168a15297d1f80312d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 5ec2a270a9b0e335fb6ecf9d313e02771acad023d7a1a6168a15297d1f80312d
SHA3-384 hash: 75ca33caea6053af26c80ea5d516b16edc41c881e8b5b0c91fcedfd0167f211a6ae6ba8769c846f467ab7e6062f1c3d2
SHA1 hash: 904366dba19c4418da855e015c8cf1d19ff517a2
MD5 hash: a28678621927ab1aeadb653cdaac16ab
humanhash: maine-rugby-uncle-fix
File name: 5ec2a270a9b0e335fb6ecf9d313e02771acad023d7a1a6168a15297d1f80312d
File size: 2'325'331 bytes
First seen: 2020-06-03 08:36:27 UTC
Last seen: 2020-06-03 08:37:42 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: e4290fa6afc89d56616f34ebbd0b1f2c (50 x CoinMiner)
ssdeep: 49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTKUANMT:NABp
Threatray: 8 similar samples on MalwareBazaar
TLSH: A5B533268F195C3DD7E8567C183E0E5F16D0CB110002AAF0A6D722DB5E8CF6D199FA6E
Reporter: raashidbhatt
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win64.Trojan.Coinminer
Status: Malicious
First seen: 2020-05-31 00:06:12 UTC
AV detection: 27 of 31 (87.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
UPX packed file
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments