MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39dd710b8b286e59558fc4d5b4108174cd3bb5dec3b59dcb1c26ade48be035a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 39dd710b8b286e59558fc4d5b4108174cd3bb5dec3b59dcb1c26ade48be035a2
SHA3-384 hash: 35bfa742b3736f2d718dc82af7e3b50d8f65cbf59e34c1ffb24acd48608cf5bdb903601ad058e7e587b4cb4d3e027611
SHA1 hash: 59423227440a9ae7f0c8661503df7a2c892300f2
MD5 hash: 43052283af9593a1bade9f46ae0a5545
humanhash: artist-nevada-rugby-mobile
File name:39dd710b8b286e59558fc4d5b4108174cd3bb5dec3b59dcb1c26ade48be035a2
Download: download sample
File size:11'320'599 bytes
First seen:2020-11-10 07:25:17 UTC
Last seen:2024-07-24 13:10:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f06dc709a5b17f58964c6e5478a768b5 (4 x CobaltStrike, 4 x Riskware.Generic, 1 x CoinMiner)
ssdeep 196608:iUGuaRHYGr4o8KuDtDuoj5gTHGzr4nHfLi7gCsLD4:iFZRFbuDb9onHKgC/
Threatray 168 similar samples on MalwareBazaar
TLSH 2BB68D27F4E200F9CA7FD17086979772BA31786943307BA71F90EA751E12F906A2E714
Reporter seifreed

Intelligence

File Origin
# of uploads :
3
# of downloads :
44
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Pseudosigner-36
Create hunting rule

SecuriteInfo.com.Generic-EXE.UNOFFICIAL
Create hunting rule

Win.Trojan.CobaltStrike-8091534-0
Create hunting rule

Win.Tool.CobaltStrike-6336852-0
Create hunting rule

Win.Malware.Tofsee-6896728-0
Create hunting rule

Win.Malware.Tofsee-7057860-0
Create hunting rule

Win.Coinminer.Generic-7158858-0
Create hunting rule

Multios.Coinminer.Miner-6781728-2
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Creating a file
Sending a custom TCP request
Changing a file
Modifying an executable file
Connection attempt
Creating a window
Launching the default Windows debugger (dwwin.exe)
Changing critical settings of the Internet Explorer browser
Creating a file in the mass storage device
Infecting executable files
Enabling threat expansion on mass storage devices by creating the autorun.inf autorun file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/39dd710b8b286e59558fc4d5b4108174cd3bb5dec3b59dcb1c26ade48be035a2/
Threat name:
Win64.Trojan.CoinMiner
Create hunting rule
Status:
Malicious
First seen:
2020-11-10 07:29:11 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0997dd01a7962e8949d6865d70d7fe6c9771055276123ef2615c721dbc804347
122ec58305457383ce015846fe9598d3ff42c7eae8de6d936d5751b31e75b18f
207baef67d279f7a610295723d1f619d1696feead9b9bc7991ac7798cd4db685
28077a71b3aff9c96a58949ab21b2c9494ff76bbe29ea5df497fa9e2fc26b5a0
2abd579c1a1fd0474b42cb95fb354633bb01eedf4838582d7962a996f6fcc0f7
5fc2660796cdbcb5b96f0ec909f1b1e038b93ce0afdb7326e76bc486efec811a
9533cd209fef9cfb6f69e4755c3cc0ceb63b32f2a70f7a71feecd4fde93d8ac6
c7fdc6e8e80f30dc2855d60f22e5a18ee5a42dcb66f482e2bbc0e0d916bf75f2
d39fddfb18e3b21f9fe716810e8110423b7223d6e697f309e144d9c80e045e98
e36f3a7871e2b5056d56a65c212819d56fa723c8cc96e0c83e8270a205c3321f
+ 158 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike
Link:
https://tria.ge/reports/201110-kx5pr7yvqs/
Behaviour
Modifies Internet Explorer start page
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Program Files directory
Drops autorun.inf file
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Malware Config
C2 Extraction:
http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments