MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0e9692a6a0f50890c03829cfc80dd4ef47aaf4ade8c2fd35a62c09d290171d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0e9692a6a0f50890c03829cfc80dd4ef47aaf4ade8c2fd35a62c09d290171d3
SHA3-384 hash: e601cffad40fe632ad79cd568ca48d2ddc17633de94e2f2a733bbda2aefeb9d13c798b29b9dbf886431757f6582b8f17
SHA1 hash: e62f8f008d454e22865ee1f10d53ef00dcccb178
MD5 hash: a5464b6aa786bc8541c981290e6c6bca
humanhash: queen-zebra-sierra-violet
File name:a0e9692a6a0f50890c03829cfc80dd4ef47aaf4ade8c2fd35a62c09d290171d3
Download: download sample
File size:2'178'560 bytes
First seen:2020-06-03 09:04:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash baa93d47220682c04d92f7797d9224ce (139 x RiseProStealer, 26 x Xtrat, 18 x CoinMiner)
ssdeep 49152:nGgLPOqiCHkeVXAUkEqB+wFMHMRTzeM98rP6htvsUMaOEsN5D9i:nGYPSCdx3kE+nMs1izTavsUbOEsDD9i
Threatray 51 similar samples on MalwareBazaar
TLSH D3A533B18D47D463CA050A7445EAEBE046D8BE9EC924936ED054703B5E3231ABFF718E
Reporter raashidbhatt
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.EXE.Obfus-4.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Coins
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 11:05:00 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
1466a3a68f3c7f673d4b8ba514bc078fadda4c009f342c077f1d6cb0710d9b72
2ba0f2e22ed07ca3188c898a0c9256fd30e878916ebe669ed52b25cb18d5ccde
2d403f971f502d2423b11dcca6424edc460b6c290cb76107d7f36a37565791e8
450224b458d5d44cbaf62d95e18face27de776ed227ba0f7dc7e12bd07f64c9b
4d9b89978e6ca9cf14cb1f04859e01e66c1e0dbefedd1663617647535c0b3fa0
6005ff1373b7a3600ad4b5700b4d9b6c13827015a97fea1b030189655bd8e986
831ba6efa4a49eb1c7ff749fe442b393c5a614f383bf1efb52512a183b4362fc
a2f0a1d469d73a11c69afc9eb12000fa7f7652305d936a10d12dabce693f878b
b9c037384eaa82706baf7c3cd5e1550fe9ad24083edeb00e55d9da8198ea6ee3
f8915227c25c5ac552d66f3708f615cd517363953829d3715f38666d7dfa9770
+ 41 additional samples on MalwareBazaar
Result
Malware family:
cryptbot
Create hunting rule
Score:
  10/10
Tags:
family:cryptbot discovery evasion spyware stealer
Link:
https://tria.ge/reports/201109-z23ywknb7s/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up external IP address via web service
Checks BIOS information in registry
Identifies Wine through registry keys
Reads user/profile data of web browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
CryptBot
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments