MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e97c8416fc63162b69167c2b4f51f82ae6aacc8e4276b76ca5b775ba2ec437ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	e97c8416fc63162b69167c2b4f51f82ae6aacc8e4276b76ca5b775ba2ec437ea
SHA3-384 hash:	d096cca0cbe91d26cd1c0405d8b49831cda0ea0814d665ce7d3a7cc9036b5509dec84cef311a55becbf6c911ffe42b65
SHA1 hash:	a429a9a59f3148f12ef82bd2f78fb6a52f48fd22
MD5 hash:	80a6fca1618e994dc577cc9f8b666f68
humanhash:	orange-two-triple-vegan
File name:	e97c8416fc63162b69167c2b4f51f82ae6aacc8e4276b76ca5b775ba2ec437ea
Download:	download sample
Signature	CoinMiner Create hunting rule
File size:	150'931 bytes
First seen:	2020-03-23 16:23:32 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	af7b8813a2e213ad2ed4a1d42c1b2975 (1 x CoinMiner)
ssdeep	3072:iz4BnDU1/ttRPTRA9JvSBFUcDNvJ30fG9RwzaXxFWn:64dUrtB9A9JvST1DNvN0uPYUxMn
Threatray	59 similar samples on MalwareBazaar
TLSH	ECE3125339B8AB77ED2C107524DB8401D5B86C6CA73DAF18546CBDB92F706A7EE120B0
Reporter	Marco_Ramilli
Tags:	CoinMiner exe

Intelligence

File Origin

# of uploads :

# of downloads :

454

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-48

PUA.Win.Packer.Upolyx-12

PUA.Win.Packer.Upx-4

Win.Dropper.Gh0stRAT-6992332-0

Gathering data

Threat name:

Script-BAT.Trojan.Wget

Status:

Malicious

First seen:

2019-03-10 23:06:29 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

26 of 29 (89.66%)

Threat level:

2/5

Verdict:

malicious

CoinMiner

a5995d49de4242755e6baf1c40ad297f96a797e5a8dfd59ab779d088b84fab6a

CoinMiner

bb14728459929940d4a7c6fd636177faacc0a23e4f75e526f12259e78a3853e7

CoinMiner

c6b664ffd10c03d085b36bd57b72467b6508ba736e9c8d77182e0d1518b91295

CoinMiner

d4eec3387fde66fc5b45135db86b9fcdebcb75e199fe9be1a834d89cac6b9d13

CoinMiner

e42d5d1c2c28924044e875a9334b05dea4d0e26a1e36c6411c7937c6464c1786

CoinMiner

eaec22c2d23bb4d85d21b80ce1cc4b3874964631f615d1975cdab03467078f5b

CoinMiner

eb9a70ac0d1f7c413f10f5308bda81e1da5a9b5bfd2ab7c8d89232eada71c143

CoinMiner

edde62496431c693fbd64bbccbb5fbb58338bcd9df1a949712955b110ff8e7e4

CoinMiner

fb98803c42920bc5019d764153010c64f12bc6543e2a1a9e1378185b4e434edc

CoinMiner

+ 49 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

exe e97c8416fc63162b69167c2b4f51f82ae6aacc8e4276b76ca5b775ba2ec437ea

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/191674/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample