MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a18204dff55f0366a55ade413f15ec2fd23d758c2b6d488cb1354a2fe0441bc3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	a18204dff55f0366a55ade413f15ec2fd23d758c2b6d488cb1354a2fe0441bc3
SHA3-384 hash:	67d96a82cfb499c8c75bd197d85b51521ef9ceb6574f6754c40f9ecead77556fa93a4bb9d05c2003889386d61dbd6750
SHA1 hash:	6d8136a902b5605f122e2b962c4c86b8a251d0d5
MD5 hash:	15d53d38b99881cf4903e9cb0184407a
humanhash:	earth-michigan-mountain-nitrogen
File name:	15d53d38b99881cf4903e9cb0184407a
Download:	download sample
Signature	CoinMiner Create hunting rule
File size:	1'207'808 bytes
First seen:	2022-07-22 10:50:43 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	3eb7622479f8b2c1a30189a3df7139f3 (25 x CoinMiner)
ssdeep	24576:9y+jMkaTDtuF6kYK2MS6+wxaD21EtYlsVVRylcOJLrTkHurKgC:9yFkaTDtuMkxrU3t9icaLMuri
Threatray	65 similar samples on MalwareBazaar
TLSH	T10F452302A6E4EC32E92A637A5205FF5ADF54F51687DF833CFE2C406E8F6451210467AA
TrID	45.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 18.2% (.EXE) OS/2 Executable (generic) (2029/13) 18.0% (.EXE) Generic Win/DOS Executable (2002/3) 18.0% (.EXE) DOS Executable Generic (2000/1) 0.2% (.VXD) VXD Driver (29/21)
File icon (PE):
dhash icon	c4c888dcfcf0e026 (15 x CoinMiner)
Reporter	openctibr
Tags:	CoinMiner exe OpenCTI.BR Sandboxed

Intelligence

File Origin

# of uploads :

1

# of downloads :

345

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

15d53d38b99881cf4903e9cb0184407a

Verdict:

No threats detected

Analysis date:

2022-07-22 12:54:51 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/05fe154f-8f57-4e73-95a9-68c123ac34fc

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/293358/

Detection(s):

Win.Dropper.Miner-9943640-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/62da815961945a46c8d9bce2/reports/60404862-a2e1-4cb4-9b4e-3ff352d4409c/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

XMRig Miner

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/5fc14853-6367-4b6a-be3a-5cb901e4d943

Result

Threat name:

Xmrig

Detection:

malicious

Classification:

mine

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1039155

Signature

Found strings related to Crypto-Mining

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Yara detected Xmrig cryptocurrency miner

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a18204dff55f0366a55ade413f15ec2fd23d758c2b6d488cb1354a2fe0441bc3/

Threat name:

Win64.Trojan.Miner

Status:

Malicious

First seen:

2022-07-22 10:51:08 UTC

File Type:

PE+ (Exe)

Extracted files:

40

AV detection:

20 of 39 (51.28%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ugbajx7vl4bwnjk23zat6fpmf7jd25mmfnwurdfrgvfc7ycedpbq._file

Verdict:

malicious

Similar samples:

66fa2281567f268adefb54e91b88bfbd7a08eee6c40ff4aafa31472b8d49a3a6

9750c40f706b035a90da57ec5632283c54672d21d45acfbceb1fd2370a9c9c23

987911d90b0d661fba1a591f789915216d4b0bf6d7ef89eaae2efd23262b0c1c

acc69bb8c8d1b4fe18adf40b4f1fc59b8482004a90d36526761bfc3c5e5c41ea

bb89e482e3579a40209998b3e7941968fd07417d94d21578d7523343556b82f2

c4516d123c00b0765deebfbf23b964a01d88e871e2d289e4d9a7cf36582aa046

ca9181c1453f334f58c30c8707dd5427ecb63cdf3445ea262d9eb72e2739436d

d5808c5973bb7edb1c0c188062e5f88f0922fddd0f7662d45fa1db906a25a82d

+ 55 additional samples on MalwareBazaar

Result

Malware family:

xmrig

Score:

10/10

Tags:

family:xmrig miner upx

Link:

https://tria.ge/reports/220722-mxs25aegfq/

Behaviour

UPX packed file

XMRig Miner payload

xmrig

Unpacked files

SH256 hash:

a18204dff55f0366a55ade413f15ec2fd23d758c2b6d488cb1354a2fe0441bc3

MD5 hash:

15d53d38b99881cf4903e9cb0184407a

SHA1 hash:

6d8136a902b5605f122e2b962c4c86b8a251d0d5

Link:

https://www.unpac.me/results/cf5e0465-84f5-4652-a7d3-d1c1e5da2578/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.05

Link:

https://yomi.yoroi.company/submissions/a18204dff55f0366a55ade413f15ec2fd23d758c2b6d488cb1354a2fe0441bc3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/293358/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample