MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37f8a54ffb5377feb9b65b66e2da08ab3fb237321f2ae544cf597022d475a0db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner

Vendor detections: 13

Intelligence 13 IOCs YARA 3 File information Comments

SHA256 hash:	37f8a54ffb5377feb9b65b66e2da08ab3fb237321f2ae544cf597022d475a0db
SHA3-384 hash:	cfedb97e8eb40ac8fca42168c7166895dbf721e0650ba5a3682d7287748b4ab3e8fa48d5196d5cc912feed6736155b54
SHA1 hash:	98c08a4b44525c851d5e727e13b11431ce9219fa
MD5 hash:	16fe30dadaf9be2a6e33730ae7d7587b
humanhash:	alpha-oven-burger-california
File name:	37f8a54ffb5377feb9b65b66e2da08ab3fb237321f2ae544cf597022d475a0db.exe
Download:	download sample
Signature	CoinMiner Create hunting rule
File size:	669'184 bytes
First seen:	2025-12-23 10:12:57 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	12288:VeKkUPYz+33eOAJYr2M93Cfwg54NEcQXx9l0JAtkID3EO6OXIKl:aUcOOwELbh9l0JATEO5
Threatray	5'270 similar samples on MalwareBazaar
TLSH	T164E423E8B7856D8BE5BBFB7056E123ECD33B96A8C336C01D165802756B8665C4030EB7
TrID	56.5% (.EXE) Win64 Executable (generic) (10522/11/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	JAMESWT_WT
Tags:	92-118-170-185 coinmarketcaps-cfd CoinMiner exe

Intelligence

File Origin

# of uploads :

# of downloads :

104

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

Downloads.zip

Verdict:

Malicious activity

Analysis date:

2025-12-23 10:14:37 UTC

Tags:

arch-exec arch-scr evasion phishing pureminer netreactor

Link:

https://app.any.run/tasks/f117af6c-f11f-4d01-99a7-9e6588c0782f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/45829/

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=694a6b3fa6c88bb4cc23f374

Tags:

virus msil

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

base64 obfuscated packed

Link:

https://www.filescan.io/uploads/694a6b3e84afa5547b5cb696/reports/279cb27c-63f2-4312-b6d3-f45f6bb75827/overview

Verdict:

Malicious

Labled as:

Jalapeno.Generic

Link:

https://www.hybrid-analysis.com/sample/37f8a54ffb5377feb9b65b66e2da08ab3fb237321f2ae544cf597022d475a0db

Verdict:

Malicious

File Type:

exe x64

Detections:

HEUR:Trojan.MSIL.InjectorNetT.gen

Link:

https://opentip.kaspersky.com/37f8a54ffb5377feb9b65b66e2da08ab3fb237321f2ae544cf597022d475a0db/results?tab=lookup

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/5e887e67-8599-4407-9135-429820288668

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/37f8a54ffb5377feb9b65b66e2da08ab3fb237321f2ae544cf597022d475a0db

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

.Net Executable Managed .NET PE (Portable Executable) PE File Layout SOS: 0.95 Win 64 Exe x64

Link:

https://app.malva.re/file/16fe30dadaf9be2a6e33730ae7d7587b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/37f8a54ffb5377feb9b65b66e2da08ab3fb237321f2ae544cf597022d475a0db/

Verdict:

Malicious

Threat:

Family.COINMINER

Link:

https://tip.neiki.dev/file/37f8a54ffb5377feb9b65b66e2da08ab3fb237321f2ae544cf597022d475a0db

Threat name:

ByteCode-MSIL.Trojan.Msilheracles

Status:

Malicious

First seen:

2025-03-15 12:24:10 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

AV detection:

23 of 36 (63.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=g74kkt73kn375onwlntofwqivm73enzsd4vokrgplfycfvdvudnq._file

Verdict:

malicious

Label(s):

unc_loader_078

CoinMiner

44d4bc68dc84f0a2f95edf2548c00414377747323e81e104959e5ae19e55bf2e

CoinMiner

5561c5a52f8836af32a1425688d2d1cfb495c89c1c5b4044a49ebc462ab9ece9

CoinMiner

5e540b9fc5908d0a54d2eaf37c5201dd8d2287f5bd6913f9ca70ca32834219cd

CoinMiner

afacbfb5016bbea8212b557ed35c284feeb4b51a6cfa902d9dd7c5c281694eca

CoinMiner

ca9e826ca7d3c8bcaead3a732a20f38ebd1c37d0e4df1df0b4b0c8dc46f2545f

CoinMiner

+ 5'260 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

execution persistence

Link:

https://tria.ge/reports/251223-nntgzavqgw/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious use of SetThreadContext

Executes dropped EXE

Command and Scripting Interpreter: PowerShell

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/abf10a43-e9b3-44b1-b257-d05394e76582

Unpacked files

SH256 hash:

37f8a54ffb5377feb9b65b66e2da08ab3fb237321f2ae544cf597022d475a0db

MD5 hash:

16fe30dadaf9be2a6e33730ae7d7587b

SHA1 hash:

98c08a4b44525c851d5e727e13b11431ce9219fa

Link:

https://www.unpac.me/results/e66aaddf-d194-42c8-9f3b-382c08c1dafd/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/37f8a54ffb53/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/37f8a54ffb5377feb9b65b66e2da08ab3fb237321f2ae544cf597022d475a0db

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_no_import_table Create hunting rule
Description:	Detect pe file that no import table

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/45829/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample