MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05c4f71a5caa0ed6809fdfa57b44836f5ee6408d73f6b97cd9a751b696091101. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 05c4f71a5caa0ed6809fdfa57b44836f5ee6408d73f6b97cd9a751b696091101
SHA3-384 hash: 0cd5cc23a60d66c494a3c2a041e021c1722a06ed3d5002497542d3dd1ea6962a30b970cf51b2e5d3241d23511f690adb
SHA1 hash: 7dc6e5681c33800c6543ecb148d4718e33138ee9
MD5 hash: b3d19d65687560f5c206d0338b7d6601
humanhash: alanine-queen-double-black
File name:b3d19d65687560f5c206d0338b7d6601
Download: download sample
Signature CoinMiner
Create hunting rule
File size:1'892'864 bytes
First seen:2023-07-10 16:51:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 24576:osFKs/vvt1MSC/GoWvyMcUH81mVjIZ/WimspSM8rta7yLp08TM8nch2Cy7v4P+7M:osFKGbNoy9x0VpFm1ZE7yFsC9CiFb6h
Threatray 367 similar samples on MalwareBazaar
TLSH T1BA950102BA455BB5E678D7B7C0D6893007A0EEC1579BD74B38BB7FAD38233A59D81102
TrID 50.8% (.EXE) Win64 Executable (generic) (10523/12/4)
10.0% (.EXE) Win16/32 Executable Delphi generic (2072/23)
9.9% (.ICL) Windows Icons Library (generic) (2059/9)
9.8% (.EXE) OS/2 Executable (generic) (2029/13)
9.6% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon 70f0ecd4d4ecf070 (1 x CoinMiner)
Reporter zbetcheckin
Tags:64 CoinMiner exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
339
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b3d19d65687560f5c206d0338b7d6601
Verdict:
Malicious activity
Analysis date:
2023-07-10 16:52:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3e14ebb4-7bb8-466d-8e09-93522ce0a801

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/414426/
Detection(s):
SecuriteInfo.com.Variant.MSILHeracles.94319.1984.27933.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a file in the %AppData% subdirectories
Creating a file
Launching a process
Using the Windows Management Instrumentation requests
Forced system process termination
Creating a process from a recently created file
Deleting a recently created file
Enabling autorun by creating a file
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/64ac3733a15fc7eb4fd076db/reports/63c589e3-b75d-48d3-90f3-bf39e6e05abb/overview
Verdict:
Malicious
Labled as:
MSILHeracles.Generic
Link:
https://www.hybrid-analysis.com/sample/05c4f71a5caa0ed6809fdfa57b44836f5ee6408d73f6b97cd9a751b696091101
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/580dd95c-8e4b-45a8-814c-0fe3ab98a671
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1269984
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/05c4f71a5caa0ed6809fdfa57b44836f5ee6408d73f6b97cd9a751b696091101/
Threat name:
ByteCode-MSIL.Trojan.Heracles
Create hunting rule
Status:
Malicious
First seen:
2023-07-08 21:16:06 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
15
AV detection:
10 of 38 (26.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=axcpogs4vihnnae736sxwredn5pomqenop3ls7gzu5i3nfqjceaq._file
Verdict:
malicious
Similar samples:
163f0f159705867530e310ee48ffb66a057fba8a236ca2473c3de1d2f9ea48c9
CoinMiner
1c758992ed57930115ba585a43bc0a7a750a476206cf1999bf3333f26fc230f2
CoinMiner
2dc6a762fbcc017cddee0b0099ffcc61af6336f4444e911997e4af2635c8f183
CoinMiner
509876bf98ee51fc5d7a4d6af1244227fccd94a556a9c85dd9bdf535d8619b39
CoinMiner
8e81c784f79eb9358991ca3b1bab8c5d1ddaaa70a849fe7527ed005063d6c092
CoinMiner
8ef5c190b1b13bb8fdf5c06fbd8cec9bb68e9aea39d5eacd0dcc011bc6e726ee
CoinMiner
a68cd42b12ffb9ca676649961481f4f0f825db7cddda46f1d20f160c4ca7b0df
CoinMiner
bb90c8c39ba60347b2d5f2a73a11f9c1f9f7e16251ca3098e4c087257bcce09b
CoinMiner
fc6ddb1f7644597b84d14e3efa4cd1a1d1ad0083141b3fa2a613cd3c092f6505
CoinMiner
+ 357 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230710-vddgbscb23/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Drops file in System32 directory
Executes dropped EXE
Loads dropped DLL
Unpacked files
SH256 hash:
05c4f71a5caa0ed6809fdfa57b44836f5ee6408d73f6b97cd9a751b696091101
MD5 hash:
b3d19d65687560f5c206d0338b7d6601
SHA1 hash:
7dc6e5681c33800c6543ecb148d4718e33138ee9
Link:
https://www.unpac.me/results/6c0dc805-d100-45b5-a9a7-0f0fc6dab735/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/05c4f71a5caa/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
CoinMiner
Score:
0.60
Link:
https://yomi.yoroi.company/submissions/05c4f71a5caa0ed6809fdfa57b44836f5ee6408d73f6b97cd9a751b696091101

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

Executable exe 05c4f71a5caa0ed6809fdfa57b44836f5ee6408d73f6b97cd9a751b696091101

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2680055/
Cape
Cape
https://www.capesandbox.com/analysis/414426/

Comments


Avatar
zbet commented on 2023-07-10 16:51:06 UTC

url : hxxp://77.91.84.42/deliver.exe