MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 251960c51a68122710e9f928d7ea49ea52573f6e9af906e47ce91cfd518e39a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	251960c51a68122710e9f928d7ea49ea52573f6e9af906e47ce91cfd518e39a7
SHA3-384 hash:	c38974259d15f37d159f0b85b3503f7351e3a7ec19568c951550b94d3cc93f080b375980cae844a90081183886121e51
SHA1 hash:	9cfdbfbd2f3f30143e56c15f5c7a92954c587d64
MD5 hash:	790289a06e599ab7fae2b0ebaaf482b0
humanhash:	thirteen-queen-stream-double
File name:	SecuriteInfo.com.Dropped.Generic.Malware.SYd.B595D5FC.3613.14703
Download:	download sample
Signature	CoinMiner Create hunting rule
File size:	82'583 bytes
First seen:	2020-09-09 05:30:00 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	effdb7fad4516056d8d1697272191e7b (1 x CoinMiner)
ssdeep	768:QlFdtNmDiBOSl7wZe090Ux74xeFqg75lAeAS4AcNzmdUCDRkV/L7p:2Dt0DoOc7wZezeFz751cNz0UCdkV/L7
TLSH	A1832D3FBF1848A1C21149341BB6D539C6793E712B96CFF3F5A2710A59308A4FA6209F
Reporter	SecuriteInfoCom
Tags:	CoinMiner

Intelligence

File Origin

# of uploads :

# of downloads :

307

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/58043/

Detection(s):

SecuriteInfo.com.Dropped.Generic.Malware.SYd.B595D5FC.3613.14703.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Searching for the window

Searching for many windows

Creating a file

Enabling the 'hidden' option for recently created files

Creating a process from a recently created file

DNS request

Creating a file in the %temp% directory

Sending an HTTP GET request

Connection attempt

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Blocking the Windows Security Center notifications

Creating a file in the mass storage device

Enabling threat expansion on mass storage devices by creating a special LNK file

Sending an HTTP GET request to an infection source

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/251960c51a68122710e9f928d7ea49ea52573f6e9af906e47ce91cfd518e39a7/

Threat name:

Win32.Worm.Phorpiex

Status:

Malicious

First seen:

2020-09-08 06:55:08 UTC

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=eumwbri2najcoehj7eunp2sj5jjfop3otl4qnzd45eop2umohgtq._file

Result

Malware family:

n/a

Score:

10/10

Tags:

persistence evasion trojan

Link:

https://tria.ge/reports/200909-plz679yzss/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Drops file in Windows directory

Adds Run key to start application

Loads dropped DLL

Windows security modification

Executes dropped EXE

Windows security bypass

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malex

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/251960c51a68122710e9f928d7ea49ea52573f6e9af906e47ce91cfd518e39a7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

exe 251960c51a68122710e9f928d7ea49ea52573f6e9af906e47ce91cfd518e39a7

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/455832/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/58043/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample