MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e528ae82c1f0a1e531ebefb50870eaf369d3a03064c41bf0020e1f84f08007b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	3e528ae82c1f0a1e531ebefb50870eaf369d3a03064c41bf0020e1f84f08007b
SHA3-384 hash:	d874738799af4371c8e6c4411fbe528aef23ed5e2521ef676cf06682ba132dcf118119c549f11f2f999f8b3528539190
SHA1 hash:	b79cfc5fe71a03efb424b66cd7610c0c628f60c7
MD5 hash:	d244db4961528299eb9070e062b5da57
humanhash:	cold-low-chicken-angel
File name:	3e528ae82c1f0a1e531ebefb50870eaf369d3a03064c41bf0020e1f84f08007b
Download:	download sample
File size:	11'299'095 bytes
First seen:	2020-11-10 06:39:41 UTC
Last seen:	2024-07-24 13:23:07 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f06dc709a5b17f58964c6e5478a768b5 (4 x CobaltStrike, 4 x Riskware.Generic, 1 x CoinMiner)
ssdeep	196608:Sau+drbB5o6QK2uDLbFCQTS25uCSH0VwHEFoWhP:SjirA7uDUsFfSHLHe
Threatray	169 similar samples on MalwareBazaar
TLSH	C5B67D27F5A204FDC67FD1708297D732BA31786942307BAB1B90DA752F12F906A2E714
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Pseudosigner-36

SecuriteInfo.com.Generic-EXE.UNOFFICIAL

Win.Trojan.CobaltStrike-8091534-0

Win.Tool.CobaltStrike-6336852-0

Win.Malware.Tofsee-6896728-0

Win.Malware.Tofsee-7057860-0

Win.Coinminer.Generic-7158858-0

Multios.Coinminer.Miner-6781728-2

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Sending a custom TCP request

Creating a file

Creating a file in the system32 subdirectories

Modifying an executable file

Changing a file

Connection attempt

Launching the default Windows debugger (dwwin.exe)

Creating a window

Sending a TCP request to an infection source

Changing critical settings of the Internet Explorer browser

Infecting executable files

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3e528ae82c1f0a1e531ebefb50870eaf369d3a03064c41bf0020e1f84f08007b/

Threat name:

Win64.Trojan.CoinMiner

Status:

Malicious

First seen:

2020-11-10 06:41:35 UTC

AV detection:

26 of 29 (89.66%)

Threat level:

5/5

Verdict:

unknown

28077a71b3aff9c96a58949ab21b2c9494ff76bbe29ea5df497fa9e2fc26b5a0

5168ea739c73173a9013bd4cf17ee56836a4c5025787ecbdee96feb8cce82b1d

6a4df09ab78ce56ed0ab498aefaab6e5b85eb1945afc9deb49fdd6ae90e93a71

8404922269db9017b6d8834f7043cfc75df0b321b3cd3e5e385a9a811a59819c

9c3b39f9ea962517cb7c94e8ee96501ef0db2a1c60029061dd2af0102b5de1cc

a6716509395bbeb0b27d4f384927e7c5b3e75f9fa6e1def742340ab128c15a89

b09d35ccef1c0c365b08cd320dea186d23902a900d34dfd170767b5d42a550ce

c7fdc6e8e80f30dc2855d60f22e5a18ee5a42dcb66f482e2bbc0e0d916bf75f2

eeefbf3fc5eaa2e8a586e76409ca853df354aaee653f6496bafc0f07629ce54d

+ 159 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/201110-5zh8ztgtax/

Behaviour

Modifies Internet Explorer start page

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Program crash

Drops file in Program Files directory

Drops autorun.inf file

Drops desktop.ini file(s)

Legitimate hosting services abused for malware hosting/C2

Malware Config

C2 Extraction:

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample