MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b8a3ea3adcfa7d7b61455968eb51b1c62521cfe21e734e01b8bcf196b80b049. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b8a3ea3adcfa7d7b61455968eb51b1c62521cfe21e734e01b8bcf196b80b049
SHA3-384 hash: 1d2c5498f34abbe7b806abeebb92d9b48ae0a06c988890c0d2f4fed8e6f656ec9a68220e85f585c3c8f718ead5174516
SHA1 hash: f85fb58ded3c602c2ed7e1e9513d6241fd714d6e
MD5 hash: 7134501fc93b6dfd275a76438b5e1440
humanhash: autumn-high-saturn-glucose
File name:0b8a3ea3adcfa7d7b61455968eb51b1c62521cfe21e734e01b8bcf196b80b049
Download: download sample
File size:5'460'156 bytes
First seen:2020-11-10 09:06:27 UTC
Last seen:2024-07-24 11:06:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 227fe66ff6f22dec0266a5718d365ece (39 x CoinMiner, 1 x CobaltStrike, 1 x Berbew)
ssdeep 49152:ROdWCCi7/raC56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lL:RWWBibR56utgpPFotBER/mQ32lUH
Threatray 262 similar samples on MalwareBazaar
TLSH D6465C41ED9B45F2EB8712308CB31E5F6333B2190335EAC3DA654A6FE5276E46B36241
Reporter seifreed

Intelligence

File Origin
# of uploads :
2
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.CobaltStrike-8091534-0
Create hunting rule

Win.Tool.CobaltStrike-6336852-0
Create hunting rule

Win.Trojan.Razy-7331645-0
Create hunting rule

Win.Trojan.Razy-7332867-0
Create hunting rule

Win.Trojan.Razy-7364523-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Creating a process from a recently created file
Connection attempt to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0b8a3ea3adcfa7d7b61455968eb51b1c62521cfe21e734e01b8bcf196b80b049/
Threat name:
Win64.Trojan.CoinMiner
Create hunting rule
Status:
Malicious
First seen:
2020-11-10 09:08:25 UTC
AV detection:
38 of 48 (79.17%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
06415d564f45de453c203cda4b6a9617f814d593152191ce0428d9d8a55073d5
1b7773d4ecc31379d1232d053dcde99c3fccd42a696770b126fb7cf110d5dd92
3f1e339e2e45d0b97927276a435d04d13a5b0588099dcb601ff15765f53de928
4ddc1eaa51866cbdf3e467f65be8366f8c05960e0d76674b65e761f7d95484fa
6d4e6584f39efa25689cc4238eafafec1a6864d1af82dff2ab75d7342c79925f
8647060b18549a49cb609bdbb5bd8558555615a0544a0c73e54d8b576323ac39
8eb80880a0d26e905223a4c9c42f8e7564c35708571ed61d8e9fd4616b1fed56
9d3f7ea3c85a1685b79829ae1ea387fb8cbc996b406dde4d922143d603298428
c46cff69cc9ef05a705a38ebfe88bb02408610ee374171cb8585372d55466410
d3137c02412d367b5dbffb3a72c0b2ccc0fe6c1a89dd630f18e4bec5349514cf
+ 252 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike backdoor trojan upx
Link:
https://tria.ge/reports/201110-gaxyrzvl9e/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Windows directory
JavaScript code in executable
Loads dropped DLL
Executes dropped EXE
UPX packed file
Cobalt Strike reflective loader
Cobaltstrike
Malware Config
C2 Extraction:
http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
Unpacked files
SH256 hash:
0b8a3ea3adcfa7d7b61455968eb51b1c62521cfe21e734e01b8bcf196b80b049
MD5 hash:
7134501fc93b6dfd275a76438b5e1440
SHA1 hash:
f85fb58ded3c602c2ed7e1e9513d6241fd714d6e
Link:
https://www.unpac.me/results/ee8663a3-5de4-4aa1-8ad1-f8cee8ba562f/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments