MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b66b1deec9b595f7fed1f044692eddf8b086de8ea1f49b44f3dd5cffc89c5d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 0b66b1deec9b595f7fed1f044692eddf8b086de8ea1f49b44f3dd5cffc89c5d3
SHA3-384 hash: 153e06ba7bdd695c869b32892ba4b9816594819c61ea24b1223e895b30499db23990473ae406948f4aead8b4c9d6dac0
SHA1 hash: 21dbb4d45008dcc410ef6247cabe0e8eca22664c
MD5 hash: 3a7e2898c78ca09ceff9f8ef0bc11ec3
humanhash: kitten-kansas-autumn-asparagus
File name: 0b66b1deec9b595f7fed1f044692eddf8b086de8ea1f49b44f3dd5cffc89c5d3
File size: 1'636'658 bytes
First seen: 2020-11-07 22:27:03 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash e4290fa6afc89d56616f34ebbd0b1f2c (50 x CoinMiner)
ssdeep 49152:Lz071uv4BLMkibTIA5sf6r+WVc2HhG82SU:NABh
Threatray 114 similar samples on MalwareBazaar
TLSH 777533265F0A5D3FDBFC567C3C3D0E2B96D1CA61000649B0A1C7258B5B8CBBC296F966
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour:
Sending a UDP request
Creating a file in the Windows subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Threat name: Win64.Trojan.CoinMiner
Status: Malicious
First seen: 2020-11-07 22:37:55 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour:
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
UPX packed file
Blacklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
