MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ec0880418b3a5697ac69cecb0f194d2a6a2e5785f1dded079c5e12056d45c31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2ec0880418b3a5697ac69cecb0f194d2a6a2e5785f1dded079c5e12056d45c31
SHA3-384 hash: 546df0f574ce42de97f5b8c4773ad861004970d9a567258c1c6bbd9dcd28b05a96662d74ff938434d93a2c15d2c1c8b9
SHA1 hash: 1aaf7f21fd99f41ae6c424fc7cc3932d76a4072a
MD5 hash: 09a661a617904794e41ae5d7ecacc3c1
humanhash: angel-snake-stream-montana
File name:2ec0880418b3a5697ac69cecb0f194d2a6a2e5785f1dded079c5e12056d45c31
Download: download sample
File size:11'222'286 bytes
First seen:2020-11-10 08:47:33 UTC
Last seen:2024-07-24 12:43:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f06dc709a5b17f58964c6e5478a768b5 (4 x CobaltStrike, 4 x Riskware.Generic, 1 x CoinMiner)
ssdeep 196608:og2alw7dv1lsnVluDhmTWuF66FNdBwqTwHEFoWlg:oNSw7+nuDrERxBwvHL
Threatray 169 similar samples on MalwareBazaar
TLSH 48B67D27F5E204FDC67FD17082979732BA31786942307BAB1B90DA752F12F906A2E714
Reporter seifreed

Intelligence

File Origin
# of uploads :
2
# of downloads :
52
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Pseudosigner-36
Create hunting rule

SecuriteInfo.com.Generic-EXE.UNOFFICIAL
Create hunting rule

Win.Trojan.CobaltStrike-8091534-0
Create hunting rule

Win.Tool.CobaltStrike-6336852-0
Create hunting rule

Win.Malware.Tofsee-6896728-0
Create hunting rule

Win.Malware.Tofsee-7057860-0
Create hunting rule

Win.Coinminer.Generic-7158858-0
Create hunting rule

Multios.Coinminer.Miner-6781728-2
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2ec0880418b3a5697ac69cecb0f194d2a6a2e5785f1dded079c5e12056d45c31/
Threat name:
Win64.Trojan.CoinMiner
Create hunting rule
Status:
Malicious
First seen:
2020-11-10 08:49:19 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0554d7a70d8c9140ce2f2548721df62e6e6cee5c2154c07f8177483503b9e710
0c3155d4c87559a9fb87f0341c84a91b0ed6d17c1a3bbf5f1ffa2647cab8be53
1b849a9e416510a43ae6f3ef8b9a272f7f3094ae1af7f8228212e39dc9fb64f7
40060eb0d5e769d9a65987c9c1bace3525e0fe6b6ca0f1b5693b2ba4871d032b
8228d0bcf1de93c74dfebfae7a4bcb40c7022cbd9dc7b952f95a149987eb726c
85a588bc7e92b4e3a32b439477d47a54da61a22f9bb333e4257966ae291d383a
a0e77464bcaf8c4f00f9eef0accc1d0437937595dd442de8ff98858812226910
bde1275ab6b4bbc22a323c9735cb678e039f3b3504613ab27225664dd91c5632
bebb125456266d90678d0bb26ec95a812a96edd68523d41b00a7d7c9ead8a821
d263ca7460c0c002e23422c350e23bc02ced51761458bfed03f2941592d54436
+ 159 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike
Link:
https://tria.ge/reports/201110-cj2n95e4js/
Behaviour
Modifies system certificate store
Malware Config
C2 Extraction:
http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments