MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0cd3dd68e24b1eaefd656aec5f90d94e79955e61fd1e90e13594d2413e6a135b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0cd3dd68e24b1eaefd656aec5f90d94e79955e61fd1e90e13594d2413e6a135b
SHA3-384 hash: 1e6e949cf972a69c36b12a52016ea79ed8a2c1f3e3c60f3a37f369c52e5880d440559c18948e5bf255764e64fd710578
SHA1 hash: e6f3f91045436f04c9c13518de86c05ef14061b5
MD5 hash: d9d02fc8a49a364b07e681e6848d1bde
humanhash: kitten-fish-failed-cup
File name:jeepeg.exe
Download: download sample
Signature CoinMiner
Create hunting rule
File size:1'491'327 bytes
First seen:2021-05-27 05:59:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6e20144075bbb41a42c79b3e320ad5d7 (1 x CoinMiner)
ssdeep 24576:IVnjN6MGHv+2xIuY3rfBmKU4vJTxq5MM2d6LNXV0PtGap75qsQb0XwV:IVnB6XP+2xIuYtmKb1x82d6LT0FGa7CV
Threatray 7 similar samples on MalwareBazaar
TLSH D0652380E9D996DBC376097A2A69CE800F67E9430016CBC95DD0F66C6CAFC71454FE2D
Reporter adm1n_usa32
Tags:CoinMiner exe jeepeg

Intelligence

File Origin
# of uploads :
1
# of downloads :
283
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
jeepeg.exe
Verdict:
No threats detected
Analysis date:
2021-05-27 06:02:50 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e022df3f-5c61-4756-ae2f-d6eccce0a720

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/162633/
Detection(s):
SecuriteInfo.com.Win32.Delf.2.W.7935.12349.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Generic.mg.55409ce1311cea06.6781.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Creating a file
Creating a window
Launching a process
Sending a custom TCP request
Searching for the window
Moving a recently created file
Replacing files
Sending a UDP request
DNS request
Deleting a recently created file
Running batch commands
Creating a process with a hidden window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/793032
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 425428 Sample: jeepeg.exe Startdate: 27/05/2021 Architecture: WINDOWS Score: 84 30 Antivirus detection for dropped file 2->30 32 Antivirus / Scanner detection for submitted sample 2->32 34 Multi AV Scanner detection for dropped file 2->34 36 3 other signatures 2->36 7 jeepeg.exe 1 7 2->7         started        11 Music.UI.exe 57 38 2->11         started        process3 dnsIp4 20 C:\Windows\SysWOW64\mpkmgvw.exe, PE32 7->20 dropped 22 C:\Users\user\Desktop\OVWVVIANZH.mp3, PE32 7->22 dropped 24 C:\Users\user\DesktopVCMENBQHP.mp3, PE32 7->24 dropped 26 3 other malicious files 7->26 dropped 38 Modifies existing user documents (likely ransomware behavior) 7->38 14 cmd.exe 1 7->14         started        28 settings-ssl.xboxlive.com 11->28 16 WerFault.exe 3 9 11->16         started        file5 signatures6 process7 process8 18 conhost.exe 14->18         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0cd3dd68e24b1eaefd656aec5f90d94e79955e61fd1e90e13594d2413e6a135b/
Threat name:
Win32.Virus.Jeepeg
Create hunting rule
Status:
Malicious
First seen:
2011-07-24 04:13:00 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0904cc3ac5743bc4e4f4dcfa31ec6cfe449c12646542f970cbfd53d8dd6915bf
CoinMiner
366bac9db38e89bd47b0128bdf62a4f986d1d27449c12920744e157b819751f1
CoinMiner
3874eba497e0b61949d0772430ce1df420e28777dba850a6033295212e9de9c5
CoinMiner
5e4da067908b56292fc2595a72378a091feccd8090b6ba186db4287c94a68680
CoinMiner
7501745bfca00a30575e2ea4219b88ef3d4b19ff684deefce5c50d329f9bfc51
CoinMiner
7fbbc53861d27c037953d846e4726b3e2f0a1a1b2508128ee400b138aeb1f3ce
CoinMiner
cc829675a0e11138d47b42b5c19e45403d7d73731aac0c97ca8b2a0e37a960f8
CoinMiner
Result
Malware family:
xmrig
Create hunting rule
Score:
  10/10
Tags:
family:xmrig miner upx
Link:
https://tria.ge/reports/210527-c6x7np2ece/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates physical storage devices
Drops file in System32 directory
xmrig
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.58
Link:
https://yomi.yoroi.company/submissions/0cd3dd68e24b1eaefd656aec5f90d94e79955e61fd1e90e13594d2413e6a135b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/162633/

Comments