MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b6c23ee51101f9e2542bb697e7b218e0a57d51ac6b577998cba351581aa7491. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	9b6c23ee51101f9e2542bb697e7b218e0a57d51ac6b577998cba351581aa7491
SHA3-384 hash:	c17b94aed302b79c6b443db4550375bac722cd51cbb712801acf2721377ffe0cce97517f52091776029ac5ded296a367
SHA1 hash:	4384a3d49ecdcebef37ebc9a3230c464ccbe9eda
MD5 hash:	9684d0cfa94160fe70f7fad00b5b094f
humanhash:	wyoming-carbon-avocado-table
File name:	9b6c23ee51101f9e2542bb697e7b218e0a57d51ac6b577998cba351581aa7491
Download:	download sample
File size:	2'281'984 bytes
First seen:	2020-03-23 18:54:40 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f61687272ede04042da2ed03fc12db7b (1 x CoinMiner, 1 x CoinMiner.XMRig)
ssdeep	49152:U/bBxdO+GX++8GtKtjzKeorkYZP63w7mJoeFXWuaXacisR2hpfA8i:UTBapUGtK0jn6loe1U1oH
Threatray	11 similar samples on MalwareBazaar
TLSH	09B53312D645EE75FA3036329F9B1EB19B30AD0D5B4539760398BE6E323DA678B00347
Reporter	Marco_Ramilli
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-4

Win.Malware.Temr-7070541-0

Gathering data

Threat name:

Win32.Trojan.Coinminer

Status:

Malicious

First seen:

2020-01-13 10:57:36 UTC

AV detection:

28 of 30 (93.33%)

Threat level:

2/5

Verdict:

malicious

268953af63bad4895dd06c024fd1ec2af2c134623a0e100e26894e4d6bab741e

39c531db99d46a4b3906a41e6e1afdb2523106c795b11eecaf75bc3a1fbff57b

4c19c15867d67267bd79c9304bcdfb4ddb894b4d79cf6e127ba4336ad67ba884

5d31ded12c6a8943f96522d5353af0d3bbb9a5ee81cef07db1c14c7cc0f117c6

5fb20cca77d85fedf3653f24c8109d985c946955ad50ffd18bff9e33d64bc5ef

6269fd417f93e7c0d7cab576b35dc3b6f6a58c0f04e75533bad84987c228f0e6

649be52b6b0d362efcfc6f1dd79a6b8fbcf85eb2b68f0138f87b6e1cc7e5a418

75fa551eec71d6d8b9817266813715c2bbb7a537005587f9f1e0d058a05febc6

e7d2deba4fccbea79ffa209ebe0ce49f98aecfb340c8d6ec3ea1773cb12cb07e

+ 1 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 9b6c23ee51101f9e2542bb697e7b218e0a57d51ac6b577998cba351581aa7491

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/111420/

URLhaus

https://urlhaus.abuse.ch/url/111537/

URLhaus

https://urlhaus.abuse.ch/url/111604/

URLhaus

https://urlhaus.abuse.ch/url/21353/

URLhaus

https://urlhaus.abuse.ch/url/111609/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
MULTIMEDIA_API	Can Play Multimedia	WINMM.dll::waveOutOpen
SHELL_API	Manipulates System Shell	SHELL32.dll::ShellExecuteA
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample