MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d310ac77128eeb8420eb2801665537f2d68f47cc1fcfcb58778f51fdc92b86f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	3d310ac77128eeb8420eb2801665537f2d68f47cc1fcfcb58778f51fdc92b86f
SHA3-384 hash:	cdcb233c52313df9bde09d61931c2117f01f0ee8bcf0a0f93445134e8b64cdf64dee29322ff7dee2e5a6c3d13c27a950
SHA1 hash:	0dba82591c0f1bb6d4a6434f38bf277160b51383
MD5 hash:	53a500c0b2fc2b40b6732496b3c5de32
humanhash:	solar-carolina-river-mirror
File name:	3d310ac77128eeb8420eb2801665537f2d68f47cc1fcfcb58778f51fdc92b86f
Download:	download sample
File size:	5'486'215 bytes
First seen:	2020-11-10 07:22:27 UTC
Last seen:	2024-07-24 13:19:33 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	227fe66ff6f22dec0266a5718d365ece (39 x CoinMiner, 1 x CobaltStrike, 1 x Berbew)
ssdeep	49152:ROdWCCi7/rav56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lr:RWWBibM56utgpPFotBER/mQ32lU3
Threatray	259 similar samples on MalwareBazaar
TLSH	06465C41ED9B45F2EB8712308CB31E5F6333B2190335EAC3DA654A6FE5276E46B36241
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.CobaltStrike-8091534-0

Win.Tool.CobaltStrike-6336852-0

Win.Trojan.Razy-7331645-0

Win.Trojan.Razy-7332867-0

Win.Trojan.Razy-7364523-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the Windows subdirectories

Creating a process from a recently created file

Connection attempt to an infection source

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3d310ac77128eeb8420eb2801665537f2d68f47cc1fcfcb58778f51fdc92b86f/

Threat name:

Win64.Trojan.CoinMiner

Status:

Malicious

First seen:

2020-11-10 07:27:59 UTC

AV detection:

36 of 48 (75.00%)

Threat level:

5/5

Verdict:

suspicious

24343537bd4eebe147a3e01b7ef74cf0e60082fe0a976d68be10ca261d2b6ee1

33369705401ac41b7c9ad1ca4813d578c232f04903f8c1c6784407de871be6f7

36d4dfbd3d0ebad99bc8c6f4ed63297fdac990714ed8db3781f12692019aef59

7eab136ce2cf0217512d9453216dd31fde0c58037a36761a4a98670b1fcd49ed

a1ac074204dcb72d6873db3cbb4abd108aaa6b64563064cf530fb365547ec05a

bb7e32a1873db5fbaafb2ef0f60e6bc12e07021c37965d987876ca4e3a80366a

c3060d13558f58e9894188ef3271e8ba156d88540bca888eed07a50d05dd73db

f17683c0720c1ee70362ee0b0c101f2ea4b26a676ac4f3a51af81ad78566271b

f8c274db25e3a171ac12f9b64fe67fe49d4ff4d64fbee98ef2d640cffa07e842

+ 249 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike backdoor trojan upx

Link:

https://tria.ge/reports/201110-znllzq2s7e/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Drops file in Windows directory

JavaScript code in executable

Loads dropped DLL

Executes dropped EXE

UPX packed file

Cobalt Strike reflective loader

Cobaltstrike

Malware Config

C2 Extraction:

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample