MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c3155d4c87559a9fb87f0341c84a91b0ed6d17c1a3bbf5f1ffa2647cab8be53. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0c3155d4c87559a9fb87f0341c84a91b0ed6d17c1a3bbf5f1ffa2647cab8be53
SHA3-384 hash: c78ee525d794a89bdbd2d92e1e2b82ccfad8e4d6b1fa707667b7fb711969c0ceb4595bf95c8135b0b5b10b2ab26e306f
SHA1 hash: 7f33e1d0b46f21ffe13b8b7a6b665c23611b7b1b
MD5 hash: 9732c90bce945aa281ae79f6b86ba4aa
humanhash: washington-montana-purple-bulldog
File name:0c3155d4c87559a9fb87f0341c84a91b0ed6d17c1a3bbf5f1ffa2647cab8be53
Download: download sample
File size:11'240'718 bytes
First seen:2020-11-10 08:45:53 UTC
Last seen:2024-07-24 11:08:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f06dc709a5b17f58964c6e5478a768b5 (4 x CobaltStrike, 4 x Riskware.Generic, 1 x CoinMiner)
ssdeep 196608:r/gT+nQ+ifTdDduD3drdJN8Mj3gBEEfwHEFoWXm:r4ynKruDfLJcBEVHr
Threatray 168 similar samples on MalwareBazaar
TLSH 78B67D27F5E204FDC67FD17082979732BA31786942307BAB1B90DA752F12F906A2E714
Reporter seifreed

Intelligence

File Origin
# of uploads :
2
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Pseudosigner-36
Create hunting rule

SecuriteInfo.com.Generic-EXE.UNOFFICIAL
Create hunting rule

Win.Trojan.CobaltStrike-8091534-0
Create hunting rule

Win.Tool.CobaltStrike-6336852-0
Create hunting rule

Win.Malware.Tofsee-6896728-0
Create hunting rule

Win.Malware.Tofsee-7057860-0
Create hunting rule

Win.Coinminer.Generic-7158858-0
Create hunting rule

Multios.Coinminer.Miner-6781728-2
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0c3155d4c87559a9fb87f0341c84a91b0ed6d17c1a3bbf5f1ffa2647cab8be53/
Threat name:
Win64.Trojan.CoinMiner
Create hunting rule
Status:
Malicious
First seen:
2020-11-10 08:48:38 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
2ec0880418b3a5697ac69cecb0f194d2a6a2e5785f1dded079c5e12056d45c31
40060eb0d5e769d9a65987c9c1bace3525e0fe6b6ca0f1b5693b2ba4871d032b
4a8189e1228669e993e25ca158c6fd9d8c1cfa53e10aa9392812e938fd2fd467
6ee54c5576668d306e93e6c1e08c21a804eb0b52cd0fece6b8f2637f9738476b
85a588bc7e92b4e3a32b439477d47a54da61a22f9bb333e4257966ae291d383a
9c1c3f79f2695b16bead4cd1a59ab513e01afa4e85ce69401698192f50caffeb
a6716509395bbeb0b27d4f384927e7c5b3e75f9fa6e1def742340ab128c15a89
b9b5cce5bd4102fcd4fba76b5451eb649435f48e6a246ce8b91dc318a2e68c6d
d263ca7460c0c002e23422c350e23bc02ced51761458bfed03f2941592d54436
e36f3a7871e2b5056d56a65c212819d56fa723c8cc96e0c83e8270a205c3321f
+ 158 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike
Link:
https://tria.ge/reports/201110-anjym1yh5e/
Behaviour
Modifies system certificate store
Malware Config
C2 Extraction:
http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments