MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1214268764f9252ca840f1cc7e9b3698ed55f059802fa7ab7442f61144d898d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SilentCryptoMiner

Vendor detections: 17

Intelligence 17 IOCs YARA 10 File information Comments

SHA256 hash:	1214268764f9252ca840f1cc7e9b3698ed55f059802fa7ab7442f61144d898d0
SHA3-384 hash:	6eb3a66e4965fb3a746bc0d9056dd6e0a540d67e25076810616a05a9ad1bf5384ed96b73e6d665991c0c12f621580874
SHA1 hash:	c135e092191f5ba02da14b5ae517b4f6aace60d7
MD5 hash:	ee49871e53bb83a59c992e6bc1fcdac6
humanhash:	diet-north-potato-angel
File name:	KrN2ZLC.exe
Download:	download sample
Signature	SilentCryptoMiner Create hunting rule
File size:	4'942'848 bytes
First seen:	2025-12-20 10:28:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f8861a55b03332de97005193e8e4ddf0 (2 x CoinMiner, 1 x SilentCryptoMiner)
ssdeep	98304:aqAIYKOKaPuWn0yMxnTq0dKtxaEe+TuVbxinlItUkl5VHfRpIR8sBF:aqvNOKaP30dlTps2BElWU4zR+R8U
TLSH	T124360253D29F61E5D47AD13882466322FD7178600766AADB826057226F32FF07F7EB20
TrID	49.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 31.8% (.EXE) Win64 Executable (generic) (10522/11/4) 6.1% (.EXE) OS/2 Executable (generic) (2029/13) 6.0% (.EXE) Generic Win/DOS Executable (2002/3) 6.0% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	JaffaCakes118
Tags:	exe SilentCryptoMiner

Intelligence

File Origin

# of uploads :

# of downloads :

102

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

amadey

ID:

File name:

KrN2ZLC.exe

Verdict:

Malicious activity

Analysis date:

2025-12-20 10:28:04 UTC

Tags:

auto-reg xor-url generic upx winring0-sys vuln-driver amadey botnet stealer xmrig

Link:

https://app.any.run/tasks/af88b1f3-8feb-4afd-bb73-f2ad8033463b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/45571/

Verdict:

Malicious

Score:

99.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69467a47ee899ae4567f1526

Tags:

coinminer emotet virus hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug coinminer miner packed unsafe windows

Link:

https://www.filescan.io/uploads/69467a45a7163552ba0329a7/reports/2866f6a6-a1c1-46c6-ac12-4bca0a7cc9ac/overview

Verdict:

Malicious

Labled as:

Win64/Kryptik_AGeneric.UB trojan

Link:

https://www.hybrid-analysis.com/sample/1214268764f9252ca840f1cc7e9b3698ed55f059802fa7ab7442f61144d898d0

Verdict:

Malicious

File Type:

exe x64

First seen:

2025-09-20T23:37:00Z UTC

Last seen:

2025-12-20T12:39:00Z UTC

Hits:

~100

Detections:

Trojan.Win64.Loader.sb Trojan.Win32.Miner.sb VHO:Trojan-Ransom.MSIL.Blocker.gen VHO:Trojan.Win32.Miner.bfqse Trojan.Miner.HTTP.ServerRequest Trojan.Miner.HTTP.C&C BSS:Trojan.Win32.Generic Trojan.Win32.Miner.bfqse Trojan.Win32.Inject.sb Trojan.Win32.Agent.rnd

Link:

https://opentip.kaspersky.com/1214268764f9252ca840f1cc7e9b3698ed55f059802fa7ab7442f61144d898d0/results?tab=lookup

Malware family:

XMRig Miner

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b56442c2-a15b-435c-a45b-5659856eff9d

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/1214268764f9252ca840f1cc7e9b3698ed55f059802fa7ab7442f61144d898d0

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/ee49871e53bb83a59c992e6bc1fcdac6

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1214268764f9252ca840f1cc7e9b3698ed55f059802fa7ab7442f61144d898d0/

Verdict:

Malicious

Threat:

Family.AMADEY

Link:

https://tip.neiki.dev/file/1214268764f9252ca840f1cc7e9b3698ed55f059802fa7ab7442f61144d898d0

Threat name:

Win64.Trojan.Nekark

Status:

Malicious

First seen:

2025-09-21 04:26:47 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

28 of 36 (77.78%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cikcnb3e7esszkca6hgh5gzwtdwvl4czqax2pk3uil3bcrgytdia._file

Result

Malware family:

xmrig

Score:

10/10

Tags:

family:xmrig defense_evasion execution miner persistence upx

Link:

https://tria.ge/reports/251223-nv2f6awlbx/

Behaviour

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Launches sc.exe

Drops file in System32 directory

Suspicious use of SetThreadContext

UPX packed file

Power Settings

Creates new service(s)

Executes dropped EXE

Stops running service(s)

Command and Scripting Interpreter: PowerShell

XMRig Miner payload

Xmrig family

xmrig

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/55734a61-d6e4-4e51-b577-c68eb55d464f

Unpacked files

SH256 hash:

1214268764f9252ca840f1cc7e9b3698ed55f059802fa7ab7442f61144d898d0

MD5 hash:

ee49871e53bb83a59c992e6bc1fcdac6

SHA1 hash:

c135e092191f5ba02da14b5ae517b4f6aace60d7

Detections:

win_svcready_a0

Link:

https://www.unpac.me/results/cef03ae8-e437-4bda-a4fb-464386bf3320/

SH256 hash:

11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5

MD5 hash:

0c0195c48b6b8582fa6f6373032118da

SHA1 hash:

d25340ae8e92a6d29f599fef426a2bc1b5217299

Detections:

PUA_VULN_Driver_Openlibsysorg_Winringsys_Winring_11BD

Link:

https://www.unpac.me/results/cef03ae8-e437-4bda-a4fb-464386bf3320/

Parent samples :

efd29c35766c607aa15d1cb83dec625739791b1616ad37d5b47e78cdb8a42ca8
40331d6e3d18c61d5591aa85fc455f6674e78924ce4660ce18221aa49f696779
e6da05c053763230ec6ba48cb976d43f184604d9262799eadb0c27ef2e839ec6
e14d20d5a80507197245fc2b53eefc6c5b9de9a422857b376434f7dd03533bc0
01a976b80253450a09d0b89075f5fa923a3411265f7bc8f3413d059fd662aa83
f49dd9baed6ec113ad16bcd07e50ab5dc1ca98ef4797712cbf3f2f5463a16d41
22289a61cd8a347a03da845d34820534b3e617781447a91c6a0fb3b1e6f6a184
21690a716f4d4f3af3ad00504dfd41ef4d11a5663ff96c3365838896ffcaedd7
c7eaff9d735d8eef42c73be4c093f7b31cf7d0df18c98d135eb915c13409d077
235c665b25c1e78fed3ca96e57c374e5a416aad1d27b4ae436a1c6c58604268b
c8a83c6c8f797e36eb7a5edf0e5f85a8d985895c82932422b95bf628f4106dfb
ed3ce2006fbfa402977bb026324637b905c5cc8228254b88037d3f68152463d3
a7a9d6a874f65ea3689930a2af208a025fee0a3dc1ad5cb9c964cbadd2cacf1f
67bf6d0a4de17f79de1347b75c9d1af3106448a806132cf50b38c2c8aa19d8ea
254a713d3ec2852b6657ecb8840efd2662e048ace42c2b4e0b30c589cdb9f8cb
6353b1218561a746bb3e009b611a1945bc2367b4d3ffef7849d4af4d369f184c
4f85b6d87dcc12f7904f95f3716b18930c63cb18bd624c1abcbdd9181ba4efc2
e93433169e2ec088a21ee58ae3e780f68215eb75dcd31b83d1fa31d6c16145e5
1214268764f9252ca840f1cc7e9b3698ed55f059802fa7ab7442f61144d898d0
803b90be4767757819d2be13b6d6a36d1af1383495a31a5932cfd50bacb4c717
9a2476c6474745cfacee35d15a3d4034d8d254304be3fa17a170ec0af9f9077e

SH256 hash:

43918d24a3d19d4b560e95310d451979a6d26953c69ee980751e0800017adfa6

MD5 hash:

23e5123bd072df1efd74ea1ff85eb201

SHA1 hash:

42a955571c0c4d6a5200da338d28067f075f9a91

Detections:

win_svcready_a0

Link:

https://www.unpac.me/results/cef03ae8-e437-4bda-a4fb-464386bf3320/

Malware family:

XMRig

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/1214268764f9/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1214268764f9252ca840f1cc7e9b3698ed55f059802fa7ab7442f61144d898d0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	BLOWFISH_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for Blowfish constants

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	upxHook Create hunting rule
Author:	@r3dbU7z
Description:	Detect artifacts from 'upxHook' - modification of UPX packer
Reference:	https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

Rule name:	WHIRLPOOL_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for WhirlPool constants

Rule name:	Windows_Generic_Threat_e8abb835 Create hunting rule
Author:	Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SilentCryptoMiner

exe 1214268764f9252ca840f1cc7e9b3698ed55f059802fa7ab7442f61144d898d0

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/45571/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample