MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a84121fb5b2cbd944a21842a1bb1ca8b597e96483ea105d9b9b45821f4adfcc4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	a84121fb5b2cbd944a21842a1bb1ca8b597e96483ea105d9b9b45821f4adfcc4
SHA3-384 hash:	66d9fe388f9e5eec922104a0cbc6e1d552ab01edeac173513a3082d994f86051876c5121909d91c366ff946dc43a16e6
SHA1 hash:	ae1153ca78865929766d26e8a8ae0d48894d9347
MD5 hash:	1b269983fd79f4e7e975b985d1916a3b
humanhash:	july-cup-robert-beryllium
File name:	1b269983fd79f4e7e975b985d1916a3b.exe
Download:	download sample
Signature	CoinMiner Create hunting rule
File size:	1'186'816 bytes
First seen:	2022-02-10 05:44:05 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	3eb7622479f8b2c1a30189a3df7139f3 (25 x CoinMiner)
ssdeep	24576:uy+jMkaTDtuF6kYK2MS6+wxaD21EtYlsVVRylcOJLrTkHurKg4:uyFkaTDtuMkxrU3t9icaLMur
Threatray	38 similar samples on MalwareBazaar
TLSH	T11D453342DAE0FC32D92BA27A5215AF5EEE54F527C7CF823CF678447A8E9451120473A3
File icon (PE):
dhash icon	b6d4a49aacb0b4ac (1 x CoinMiner)
Reporter	abuse_ch
Tags:	CoinMiner exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

240

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Dropper.DisguisedXMRigMiner-9938413-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/6204a62836f992191835b593/reports/73c44020-2b66-4025-9b5e-ae33fba67819/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

XMRig Miner

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/642b8d49-5efc-48c5-b623-e910a5bcc26c

Result

Threat name:

Xmrig

Detection:

malicious

Classification:

mine

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/937522

Signature

Found strings related to Crypto-Mining

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Xmrig cryptocurrency miner

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a84121fb5b2cbd944a21842a1bb1ca8b597e96483ea105d9b9b45821f4adfcc4/

Threat name:

Win64.Trojan.DisguisedXMRigMiner

Status:

Malicious

First seen:

2022-02-10 05:45:13 UTC

File Type:

PE+ (Exe)

Extracted files:

8

AV detection:

15 of 43 (34.88%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=vbasd623fs6zisrbqqvbxmokrnmx5fsih2qqlwnzwrmcd5fn7tca._file

Verdict:

malicious

Similar samples:

0c7aaf3999899c4f29ea325f11746ab98462151fa78a15b8ca505973ac71fd02

2f802aab0b83ba927a253910e4fb2a071f39c5515d08e29be2c2a687771be0d5

3974c6e4ebb068f2600005739259d63edfac659dea5a3b7d17cd8c7d3e248aa3

49a326ef65fb6a7f8e778fb2104aa2708e38601348ddbc04e8cbd9117af0458a

a519b94cbb4c14b6fb3397c3220851ebf960fffe4f82360dbd4493bad0d38747

d7b998957afba18e7f9c27b67692f1b26073250a6cf4187ad578e21925d16018

e2f0a2043a3d8ae1e3b6c3f156a410544c2336108b244dd2f9b77f2f9ede0a56

e7d036c77c92bcc5773be4c2f4b4476282f36c0c05f45ab5b3bf2d275270cf06

+ 28 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/220210-ge8rzaeeg7/

Behaviour

Suspicious use of AdjustPrivilegeToken

Drops file in Windows directory

Unpacked files

SH256 hash:

a84121fb5b2cbd944a21842a1bb1ca8b597e96483ea105d9b9b45821f4adfcc4

MD5 hash:

1b269983fd79f4e7e975b985d1916a3b

SHA1 hash:

ae1153ca78865929766d26e8a8ae0d48894d9347

Link:

https://www.unpac.me/results/9c4b7e5c-8c45-42c5-9ee9-c437ff5c7887/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample