MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1571b2ee13c7552f19b2fffc1c3f7dc63dffa8652d0cfa32136852629763018d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1571b2ee13c7552f19b2fffc1c3f7dc63dffa8652d0cfa32136852629763018d
SHA3-384 hash: 01436bd46cb7f6c64f9f20fad9536cf317d442162462f0fc2ed2c5803a0ced9899e9b8c3be432bfa53ca638c14d0e34c
SHA1 hash: b2f7888d7cad8cdf8ec088beed2016aa25543439
MD5 hash: 26b47b54536e9c45a5d8e9f9141b9859
humanhash: music-december-undress-diet
File name:SecuriteInfo.com.Trojan.Heur.GM.0000436180.20773.23418
Download: download sample
File size:9'163'264 bytes
First seen:2020-05-12 13:29:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5346271e19c97ff7635cfa504e8439ab (1 x CryptBot)
ssdeep 196608:XCgxwmPpoCtterxviicZWmIpUfI6UQHRYajrUYkg:X3xdNtte9viiQWnpUfIDQHRYaXUYkg
Threatray 52 similar samples on MalwareBazaar
TLSH 6A9633E039AF1D85C2E05C3F22AFAD124928DD5E5BBF29BD0D9973080D6F583167885E
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Heur.GM.0000436180.20773.23418.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Coins
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 08:29:12 UTC
File Type:
PE (Exe)
Extracted files:
7
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
08c31318d635778eaaf19c55440ed58570e764db28339f3061d927d9f3643ce3
33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a
433811102726bc15416ca338a2df55ec1daaf3f2565ee00d7f6484064746fb30
68e0c8bcb14bc94813d8c6494966d1f32b60ccca1fb9d80996707abeee3d2db5
831ba6efa4a49eb1c7ff749fe442b393c5a614f383bf1efb52512a183b4362fc
84581968dd8c3480b3f0dcc2cd0cffa26542bb8cb79c8150f2be5ea5afd1b6b1
99b9b649c59745f1544c91ffe35dad1e1529c9cb6715325c95ee396bbe3db2ab
c91e89e7dd72b337a6933cf71f0b9905d58460ca0f0c922f49ad86d3819af960
d6ba040d10d1fb8e0f6a8b1d5378be566f6d3816bf1a00fb3e0bb6eed29346b2
f8915227c25c5ac552d66f3708f615cd517363953829d3715f38666d7dfa9770
+ 42 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
discovery evasion spyware trojan
Link:
https://tria.ge/reports/201109-jyw5j8vz9n/
Behaviour
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Checks whether UAC is enabled
Looks up external IP address via web service
Checks BIOS information in registry
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 1571b2ee13c7552f19b2fffc1c3f7dc63dffa8652d0cfa32136852629763018d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/361528/
  
Delivery method
Distributed via web download

Comments