MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10835966177c277d70fae42109ddacccea06ab0c576709e9a68ec768840882ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner

Vendor detections: 9

Intelligence 9 IOCs YARA 1 File information Comments

SHA256 hash:	10835966177c277d70fae42109ddacccea06ab0c576709e9a68ec768840882ae
SHA3-384 hash:	b44ef39b171037848e5a34496b8d9dbb3abaf08e2b965c5e6375f60a87a52c77629959f6e1e6a056d40075f6452f0951
SHA1 hash:	f36286b829b6ae6ab2fc477c8ada5b364c1539ef
MD5 hash:	a1c29a8ae76a7658009b1aa082c66d42
humanhash:	nitrogen-xray-nine-coffee
File name:	xm.exe
Download:	download sample
Signature	CoinMiner Create hunting rule
File size:	815'104 bytes
First seen:	2021-03-21 23:10:19 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ea53225f8e7807662db92fa5e4bcac42 (1 x CoinMiner)
ssdeep	12288:/8iuxXG+OfUHYh0lU1eetep8DND0FsGmdr5+PV7cKkM7:/IxXGX6YhWU1neCDPeVcKk8
Threatray	98 similar samples on MalwareBazaar
TLSH	5105AF42B5D390F2C525153005B66B3ADA34B6461B34EFCB9778FE685E332C1A93339A
Reporter	r3dbU7z
Tags:	CoinMiner exe

Intelligence

File Origin

# of uploads :

# of downloads :

420

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

xm.exe

Verdict:

No threats detected

Analysis date:

2021-03-21 23:11:52 UTC

Tags:

installer

Link:

https://app.any.run/tasks/64480551-25bc-46ae-9247-3b80c9a56642

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

Win.Malware.Zusy-6840460-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Creating a file

Connection attempt

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

XMRig Miner

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a5a2e44b-12fb-4a7e-abeb-f7ca3b67a67c

Result

Threat name:

Xmrig

Detection:

malicious

Classification:

mine

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/647206

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Xmrig cryptocurrency miner

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/10835966177c277d70fae42109ddacccea06ab0c576709e9a68ec768840882ae/

Threat name:

Win32.PUA.FlyStudio

Status:

Malicious

First seen:

2021-03-14 14:46:01 UTC

AV detection:

25 of 28 (89.29%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ccbvszqxpqtx24h24qqqtxnmztvankymk5tqt2ngr3dwrbaiqkxa._file

Verdict:

malicious

CoinMiner

435858766d123afb7afef259fca8564e883fffce4bdebe7da7b047f8030dfe4f

CoinMiner

4bb4435958fa48762b34905fc5ac50c78878eccb33252f72cb037d664cb60fc9

CoinMiner

56133c0d017af35f49253926e3583cf72c36146ab7faa65b6058971685166652

CoinMiner

7333ddf4a7e53eeda33a8360b307471358597aeff78f4a5a7f4610640f97bdc7

CoinMiner

75b388003cc32b680abc3d9b41bc6c435af723de235eaab36a323fddcb906f62

CoinMiner

799b7395c9f279d8cd1cd24657788ecb37db7ae03c0dddeb3344a95a551d1325

CoinMiner

82385c5627675bb1a2f760238c766d1b8d3c31e109e067334959c084d62e5d55

CoinMiner

a578e71d04eae80004ab431497c95fb9779a95dc7f0c60996c24c1cb7139745d

CoinMiner

f4158e798cb1c425cd5c50250f7016e9acd26bae7373e46585907682f120c546

CoinMiner

+ 88 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210321-ksptyr4tkj/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Unpacked files

SH256 hash:

10835966177c277d70fae42109ddacccea06ab0c576709e9a68ec768840882ae

MD5 hash:

a1c29a8ae76a7658009b1aa082c66d42

SHA1 hash:

f36286b829b6ae6ab2fc477c8ada5b364c1539ef

Link:

https://www.unpac.me/results/4e89f070-afe9-4b68-939c-e17c217b7785/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/10835966177c277d70fae42109ddacccea06ab0c576709e9a68ec768840882ae

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	SUSP_XMRIG_String Create hunting rule
Author:	Florian Roth
Description:	Detects a suspicious XMRIG crypto miner executable string in filr
Reference:	Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample