MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c5ca35ce1f8a45fdeffbb912c810214217559af8161ed072eca1ff6379dc405. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner

Vendor detections: 7

Intelligence 7 IOCs YARA 3 File information Comments

SHA256 hash:	2c5ca35ce1f8a45fdeffbb912c810214217559af8161ed072eca1ff6379dc405
SHA3-384 hash:	dc500ce1f6bef1fa9827d61076d72982acfad3c2cb44f4c1cd68c53243a253b2678bebf4868d79c2225e692e932c1146
SHA1 hash:	b7b66e3d31754abd95b026b66702f23be46edbe8
MD5 hash:	b70f8c4ae0ba25de246ce651fe4ccbb2
humanhash:	july-pizza-oscar-iowa
File name:	tsm32
Download:	download sample
Signature	CoinMiner Create hunting rule
File size:	1'897'740 bytes
First seen:	2021-11-16 18:19:05 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	24576:4Erv9iryHyyv9pkZGpLiXKudl22eE9+57Pd6Ynz5j34m5T9BFAtAYQqn8y4dR:gryvQkpLiXKh2a30UTRAtAYQqn8y4dR
TLSH	T1F4954C06A387CDF2F2B345B00789D7372971821A9063F4B2EE89BB55767A1016F27379
telfhash	t1ff11cc0ae93d4aba0ad29c29cc1a56cb4183da335479e614ff58ebd0503e601f61dc8f
Reporter	c0r3dump3d11
Tags:	CoinMiner elf exe test

c0r3dump3d11

From SSH/Telnet honeypot

Intelligence

File Origin

# of uploads :

# of downloads :

172

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Agent-7658186-0

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

67%

Tags:

coinminer hacktool

Link:

https://www.filescan.io/uploads/6193f6562695a62af9f17661/reports/9515630d-fd7f-4c92-80d4-cfaa7a282531/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

x86

Packer:

not packed

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/2c5ca35ce1f8a45fdeffbb912c810214217559af8161ed072eca1ff6379dc405

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Malware family:

Outlaw

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/c9bb4e1e-e102-4fcd-abb8-6b1a3e6dfcc2

Result

Threat name:

SSHBRUTE Hacktool

Detection:

malicious

Classification:

expl

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/890633

Signature

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected SSHBRUTE Hacktool

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2c5ca35ce1f8a45fdeffbb912c810214217559af8161ed072eca1ff6379dc405/

Threat name:

Linux.Trojan.Miner

Status:

Malicious

First seen:

2020-02-25 08:16:43 UTC

AV detection:

17 of 29 (58.62%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/211116-wyrp5abher/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/2c5ca35ce1f8a45fdeffbb912c810214217559af8161ed072eca1ff6379dc405

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.