MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ece3cfdb75aaabc570bf38af6f4653f73101c1641ce78a4bb146e62d9ac0cd50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ece3cfdb75aaabc570bf38af6f4653f73101c1641ce78a4bb146e62d9ac0cd50
SHA3-384 hash: b93ccc960d1ff2a2da4ddff2e7d03cb65c6758582fe101ae992366972e3120e36ce2538be72f435472e7e32b212f6224
SHA1 hash: 8f0323e577d4df82c7faa4cd6ba7303b38b6a26e
MD5 hash: 1ef7d145bf7153292ea33fe7c900ece9
humanhash: oxygen-stream-pip-xray
File name:iec56w4ibovnb4wc.onion_Library__Coinminers__msxml.exe.malw
Download: download sample
File size:375'296 bytes
First seen:2020-03-18 21:51:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e80b1ef709e071173651c6bb53a95da0
ssdeep 6144:EUECsqqD9Y7PaFmU5wUkibQmXNyCUq4yVqMbNOgLvjaaOwDO6j7A7uJVsoGW/sQR:jdpqJY7PaRkdEyXqxqMbNhja7Zm6uJpB
Threatray 6 similar samples on MalwareBazaar
TLSH BB84E106F6C889D3D5230A3884B30F9159B5B47A9E90CE2B75CCF53D6E573985B2BB20
Reporter ov3rflow1
Tags:malw

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CoinMiner-24.UNOFFICIAL
Create hunting rule

Win.Coinminer.Generic-7151253-0
Create hunting rule

Win.Coinminer.Generic-7151447-0
Create hunting rule

Win.Coinminer.Generic-7151516-0
Create hunting rule

Win.Coinminer.Generic-7152522-0
Create hunting rule

Win.Coinminer.Generic-7155777-0
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Multios.Trojan.CryptocoinMiner-6448864-1
Create hunting rule

Multios.Coinminer.Miner-6781728-2
Create hunting rule

Result
Threat name:
Xmrig
Create hunting rule
Detection:
malicious
Classification:
mine
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/343853
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win64.Trojan.Xbash
Create hunting rule
Status:
Malicious
First seen:
2018-06-26 00:02:00 UTC
File Type:
PE+ (Dll)
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0290b4bba5483f6c9865c8b2a1df7e0756a6d5ade4a2dc5ced0a380a9988d35c
0f1f333f34d4ab91907ca6a0ad8d3360d5324623e9c885ab228127bce34932e5
3b6888d30e34ab5f977345c962d76f352483f6138a89079061839af1f553ca18
3eab524a310c06bd10c87b8a1035829a0e875ae12a4feb62a3cd519388878ba1
48b9908bc98ae2903ee34167224b402fe5eb3a6c9b853ab17e728de52e2639a0
8f9f89be357d1d17b6281bf9f6caebfa97fdbfcb6aec50e4aa147d0e24e909e7
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ece3cfdb75aaabc570bf38af6f4653f73101c1641ce78a4bb146e62d9ac0cd50

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high
Reviews
IDCapabilitiesEvidence
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::AdjustTokenPrivileges
ADVAPI32.dll::GetTokenInformation
WIN32_PROCESS_APICan Create Process and ThreadsADVAPI32.dll::OpenProcessToken
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetSystemInfo
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineA
KERNEL32.dll::GetCommandLineW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::FillConsoleOutputAttribute
KERNEL32.dll::FillConsoleOutputCharacterW
KERNEL32.dll::WriteConsoleInputW
KERNEL32.dll::WriteConsoleW
KERNEL32.dll::FreeConsole
KERNEL32.dll::ReadConsoleInputW
KERNEL32.dll::ReadConsoleW
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateHardLinkW
KERNEL32.dll::CreateFileW
KERNEL32.dll::CreateFileA
KERNEL32.dll::MoveFileExW
WIN_BASE_USER_APIRetrieves Account InformationADVAPI32.dll::LookupPrivilegeValueW
WIN_CRYPT_APIUses Windows Crypt APIADVAPI32.dll::CryptAcquireContextA
ADVAPI32.dll::CryptGenRandom
WIN_SOCK_APIUses Network to send and receive dataWS2_32.dll::FreeAddrInfoW
WS2_32.dll::GetAddrInfoW
WS2_32.dll::WSAIoctl
WS2_32.dll::WSARecvFrom
WS2_32.dll::WSARecv
WS2_32.dll::WSASend

Comments