MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0884cfc96d09961313af6eaaec9a01afa1032a24552df4060406d9f63b841865. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	0884cfc96d09961313af6eaaec9a01afa1032a24552df4060406d9f63b841865
SHA3-384 hash:	fe6908701c77cc8823fa6dbc8fcdff0ede59c13d187e76cf31bb805e1767b29c3cf6da53d28a4ba851d9e73faebf51ed
SHA1 hash:	94fe43ce687f0c70a7120f59a81e0064e66c9086
MD5 hash:	37812fbc83778185d7611456c4e545f3
humanhash:	johnny-nuts-chicken-violet
File name:	0884cfc96d09961313af6eaaec9a01afa1032a24552df4060406d9f63b841865
Download:	download sample
File size:	5'951'176 bytes
First seen:	2020-11-10 07:55:41 UTC
Last seen:	2024-07-24 10:58:44 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	71f37f91c14c4729e462a32b6b2ae9d4 (27 x CoinMiner, 12 x CobaltStrike)
ssdeep	98304:eDI+/dahdfE0pZpW56utgpPFotBER/mQ32lUU:QRdf56utgpPF8u/7U
Threatray	180 similar samples on MalwareBazaar
TLSH	C3565D41EDAB05F2EB8712308CB74E5F633372190335E6C3DA650A6FE9276E46A36741
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

CobaltStrike Xmrig

Detection:

malicious

Classification:

troj.mine

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/527901

Signature

Antivirus / Scanner detection for submitted sample

Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)

Found strings related to Crypto-Mining

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Yara detected CobaltStrike

Yara detected Xmrig cryptocurrency miner

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0884cfc96d09961313af6eaaec9a01afa1032a24552df4060406d9f63b841865/

Threat name:

Win64.Trojan.CoinMiner

Status:

Malicious

First seen:

2020-11-10 07:58:53 UTC

AV detection:

38 of 48 (79.17%)

Threat level:

5/5

Verdict:

unknown

2d1944507ece8757b364b80692ab3130927f7451075bbc8277ebb9ac2052e176

3b8c558ef62907210377eb7dbdac0788c484642afee05b122b7a9a50946648cb

44fde9d55dcbcb0e6717f3175d7227ef6824c101ecea08611c2415685f035398

7aa674334d0c80a13ebf00f14c88dec066ba06609f57aa5fad00ec165200f37c

7ac3ed0f2df0522c50dbf1bacdf0278e7536819597aa5ba3e22f9e1b4f8710a7

9cf5e2e20324241ae6c52290c135e1de3d23560756bb60504b388e4b586b835e

c967d74e3a56ff9a48ca16c7aa3f878e04925a67aab7b58ee2cb4cd866788770

db89ba255662ce43b67a019667090b62924c8062212788ce2913f527ddf4324c

eeecd2e7f3586adfc3ee78d67e6b8c84705ce3472ca52d266c0cef89883b36b1

+ 170 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike

Link:

https://tria.ge/reports/201110-36zs7249ya/

Malware Config

C2 Extraction:

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample