MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30a4788b9d7eb3c50403737f4af3882b79ba75b8201d53aefb359336f5763745. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CoinMiner.XMRig


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 30a4788b9d7eb3c50403737f4af3882b79ba75b8201d53aefb359336f5763745
SHA3-384 hash: 178e3121a944c5362d190ae9bcf5a1d8b904e04f68de0aae20b79cc712916671c38a0e8797527a9e73c57633b5c0d407
SHA1 hash: 78be65d86a6918643092e8e90fd72ad3b9ab997f
MD5 hash: be75e9e51767b5a59536afbbf9ffafbc
humanhash: west-bakerloo-solar-nevada
File name:be75e9e51767b5a59536afbbf9ffafbc
Download: download sample
Signature CoinMiner.XMRig
Create hunting rule
File size:829'440 bytes
First seen:2022-05-18 14:29:10 UTC
Last seen:2022-05-18 15:41:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:MbewlQtfYJM9j+lVfZ+GsZEw2dkjH/+4x8g8+OK8sMcUHywVbRKfwLvFB:MbewefYJSqlnaaD4mci+OKDUHyulDf
Threatray 218 similar samples on MalwareBazaar
TLSH T1DD0512A1770C95CAF8290276080BC94519B2FC7E45F4736E66AA736ECDF6352107B84B
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 39f8e666fccccc70 (1 x CoinMiner.XMRig)
Reporter zbetcheckin
Tags:CoinMiner.XMRig exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
278
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
be75e9e51767b5a59536afbbf9ffafbc
Verdict:
No threats detected
Analysis date:
2022-05-18 23:13:30 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/14c8b2ce-a97e-4d36-afb5-b2b33c471c42

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/272132/
Detection(s):
SecuriteInfo.com.Suspicious.Win32.Save.a.1975.2081.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Gathering data
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/c191e816-234a-498b-a16f-8566cf4aa785
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/996877
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Protects its processes via BreakOnTermination flag
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Snort IDS alert for network traffic
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/30a4788b9d7eb3c50403737f4af3882b79ba75b8201d53aefb359336f5763745/
Threat name:
ByteCode-MSIL.Trojan.Phonzy
Create hunting rule
Status:
Malicious
First seen:
2022-05-18 14:30:08 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
22
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gcshrc45p2z4kbadon7uv44ifn43u5nyeaovhlx3gwjtn5lwg5cq._file
Verdict:
unknown
Similar samples:
137c8e3e5c12b84d31907c3b8adccae1f3c19177ad410f36e423b5efa425af19
CoinMiner.XMRig
649196028a2da14a49c0e7ac613ddb03e5cc6ab289081ee32d08b192d562859a
CoinMiner.XMRig
6aa5078347357a441ef4427f92696b1d87bca4602c34ce794dbb051463e137f1
CoinMiner.XMRig
cd84c2fe9c5f3783d3a6ebdea43e14774975f092ef5242a857b9a4a28e14878a
CoinMiner.XMRig
f5aae19b73a4833e19ccff1b95dafa7b0c31a1def9bbaa5480593af68b2f4c85
CoinMiner.XMRig
f6aa394f7b0a0f629da6831a1134e4a6cbf21c70dce7f4133319d638d4b58023
CoinMiner.XMRig
f751501b33b4d7e35aa20d08f718e5a8ed1c0471b4da1bdd2562a3536d83d58e
CoinMiner.XMRig
fba454b0f86b6514c9d9e5268ed58a398d30443819ec887fbc2b02d590dc1522
CoinMiner.XMRig
fbb5f1c79a67b50ca7caf5b0ddb2d93224bfd585605e73167f0a9ea3f0a230ee
CoinMiner.XMRig
fc89316ccd912e374995269d989e0649492e77ed774e5556118289e152479a30
CoinMiner.XMRig
+ 208 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence suricata
Link:
https://tria.ge/reports/220518-rt43faagf4/
Behaviour
Creates scheduled task(s)
Delays execution with timeout.exe
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Adds Run key to start application
Checks computer location settings
Deletes itself
Loads dropped DLL
Executes dropped EXE
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
Unpacked files
SH256 hash:
30a4788b9d7eb3c50403737f4af3882b79ba75b8201d53aefb359336f5763745
MD5 hash:
be75e9e51767b5a59536afbbf9ffafbc
SHA1 hash:
78be65d86a6918643092e8e90fd72ad3b9ab997f
Link:
https://www.unpac.me/results/ba6857a2-ef53-46b6-a1ae-008aff687a83/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/30a4788b9d7eb3c50403737f4af3882b79ba75b8201d53aefb359336f5763745

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner.XMRig

Executable exe 30a4788b9d7eb3c50403737f4af3882b79ba75b8201d53aefb359336f5763745

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/272132/
  
URLhaus
https://urlhaus.abuse.ch/url/2200897/

Comments


Avatar
zbet commented on 2022-05-18 14:29:20 UTC

url : hxxp://199.188.204.245/mine2.exe