MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12439fc7c876b8bf881db4e97ed57827c1c4f2fd0ebccc29a4e197b19c80488b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 12439fc7c876b8bf881db4e97ed57827c1c4f2fd0ebccc29a4e197b19c80488b
SHA3-384 hash: 396e6ca812e49aea50a54c8f9acf4816c9e100282fa9b69f393255301ae40056f8a1c666da14953e50d7170ac1c66fae
SHA1 hash: 667267a6fa54747d4230f6dce23c91ad49603bb0
MD5 hash: 96d0b6218f91c8aa8a978e2745b2e53c
humanhash: pizza-eighteen-high-romeo
File name:96d0b6218f91c8aa8a978e2745b2e53c
Download: download sample
Signature CoinMiner
Create hunting rule
File size:2'204'672 bytes
First seen:2021-10-10 18:16:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d5d9d937853db8b666bd4b525813d7bd (40 x DCRat, 28 x njrat, 5 x RedLineStealer)
ssdeep 49152:bU6Rp0kaHbMEeC7UIf+oJMklUK810/9iS21PN4MA5fs+h5e37CdW:f0F7Deq5+GM/0lO1PN4Mqs+h5e3Go
Threatray 182 similar samples on MalwareBazaar
TLSH T120A5334929F02306E8E69EB551901FD66DC7306AD111D2CFBE793EB0FB29066508E7F2
Reporter zbetcheckin
Tags:32 CoinMiner exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
307
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
96d0b6218f91c8aa8a978e2745b2e53c
Verdict:
Malicious activity
Analysis date:
2021-10-10 18:19:57 UTC
Tags:
stealer evasion
Link:
https://app.any.run/tasks/055de9ae-f24d-412f-a02e-ece4e15046ab

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
BotSh1zoid
Create hunting rule
Link:
https://www.capesandbox.com/analysis/196409/
Detection(s):
Win.Trojan.Poison-8692
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Reading critical registry keys
Creating a window
Using the Windows Management Instrumentation requests
Launching a service
DNS request
Connection attempt
Sending an HTTP GET request
Launching a process
Delayed writing of the file
Stealing user critical data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
bladabindi njrat packed poison xorist
Link:
https://www.filescan.io/uploads/61632e1f1c2d58ba740004be/reports/16ec608f-b1cb-4ddb-b539-14a23a9db4d2/overview
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/12439fc7c876b8bf881db4e97ed57827c1c4f2fd0ebccc29a4e197b19c80488b/
Threat name:
Win32.Trojan.VBinder
Create hunting rule
Status:
Malicious
First seen:
2021-10-05 06:32:47 UTC
AV detection:
42 of 45 (93.33%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
31f0308a25262c3c2f7e58d60d2c861d73fd4fee2822af6ce393a7676453d3a4
CoinMiner
a07677ebabaa7fc3993f565f32d9299a8c9c1b59e6eb19fe7138c19eef219655
CoinMiner
b41455dfe45bf98bd2f1acec07d7a0df02a3c83e1fdecfb403df3984ab794761
CoinMiner
b55bf0c98c34bb3ca46a7bb08598ffc1a97c9ad7bb47191cd1280b609322267f
CoinMiner
bcc7c88a78159d256da9838d8148b61bf92057b71eabf3bed83ed650d723562c
CoinMiner
e558134f888d403ba60d7db59978502a9071951528cd4873bd4702921012d69e
CoinMiner
ef25bb229ec8ca7d7b2e3d4e23036b74bdc8b9154bb4c5b532e7ea2a0a7c8ee6
CoinMiner
f399f4852c2b6d13cc6424cd73d55ae56c4b6be7161f06e0383a18c024f2db55
CoinMiner
f4ec629473fbe96fa82fe1c1e30e6784144163d662e1c977acf5bc1d62b20c0b
CoinMiner
f84c1b53daf8279593ae9a9f6d8590ceb488318ce70a09bf25bfbf494398a83c
CoinMiner
+ 172 additional samples on MalwareBazaar
Result
Malware family:
xmrig
Create hunting rule
Score:
  10/10
Tags:
family:xmrig miner spyware stealer
Link:
https://tria.ge/reports/211010-ww1v1sgac6/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Looks up external IP address via web service
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
XMRig Miner Payload
xmrig
Malware family:
RedLine.B
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/12439fc7c876/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Poison
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/12439fc7c876b8bf881db4e97ed57827c1c4f2fd0ebccc29a4e197b19c80488b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

Executable exe 12439fc7c876b8bf881db4e97ed57827c1c4f2fd0ebccc29a4e197b19c80488b

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1664551/
Cape
Cape
https://www.capesandbox.com/analysis/196409/

Comments


Avatar
zbet commented on 2021-10-10 18:16:27 UTC

url : hxxp://ruzxpnew4af.space/files/Svc_host.exe