MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c6b664ffd10c03d085b36bd57b72467b6508ba736e9c8d77182e0d1518b91295. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: c6b664ffd10c03d085b36bd57b72467b6508ba736e9c8d77182e0d1518b91295
SHA3-384 hash: a13acde8bfb61d56311fb36956928e331d17c9ec4e3e1c3129178ce17ffb15b5779b68715788e4376dd5648eaf3f13c4
SHA1 hash: 9eafc8580c7c18c947531e7c6ac1c75c83d2fdbc
MD5 hash: b12369f6f4ccb0f9867612ff0eccaa8f
humanhash: uncle-romeo-paris-arizona
File name: SecuriteInfo.com.Trojan.GenericKD.43402664.4746.14124
File size: 368'164 bytes
First seen: 2020-07-01 04:43:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 335172068aa2111ea57057a8ab38eb5e (1 x CoinMiner)
ssdeep: 6144:JkLtLoS6a8MIFjnV+refZFtt0PPh0PhxEob5Rr3c7LMp4onHf2o6Fy3QBlZd4I:JSVoS63fVuucPvuD7sg9n/2o6FHBVb
Threatray: 37 similar samples on MalwareBazaar
TLSH: D3742288D26E480AC5F8A53620076EE71C2CDA0983C79E5273D2746FBCD1B53BD4D2E9
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Malxmr
Status: Malicious
First seen: 2020-06-28 15:50:41 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence evasion
Behaviour
Kills process with taskkill
Suspicious use of WriteProcessMemory
Runs ping.exe
Creates scheduled task(s)
Enumerates processes with tasklist
Views/modifies file attributes
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Launches sc.exe
Modifies service
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
Sets file execution options in registry
Stops running service(s)
Sets service image path in registry
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c6b664ffd10c03d085b36bd57b72467b6508ba736e9c8d77182e0d1518b91295 (this sample)
Delivery method: Distributed via web download
