MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41e99d281f1093e49ef23383633e481b3a18afd2386f94371fb215dec16ba2a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	41e99d281f1093e49ef23383633e481b3a18afd2386f94371fb215dec16ba2a0
SHA3-384 hash:	4ef2ad5f53fd0c9f2015464933e7a52cd2e3c8d1cee3c738e459be63ee296ccac9fd077c241e4915f8c58b480761e025
SHA1 hash:	4b446f914514220b39f918175f2c960098c09e90
MD5 hash:	25982cbfee82ec33c8a1c879ece423cd
humanhash:	ink-spring-papa-solar
File name:	25982cbfee82ec33c8a1c879ece423cd.exe
Download:	download sample
Signature	CoinMiner Create hunting rule
File size:	2'040'832 bytes
First seen:	2022-02-03 14:46:32 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	02549ff92b49cce693542fc9afb10102 (84 x CoinMiner, 2 x CoinMiner.XMRig, 1 x AgentTesla)
ssdeep	24576:aTV4XGrg9hvZOOa5fJjDPjwPzWOTxAl+Hl+zg2pPxy6Yll77vJpFkmMMuna:cDkhvZnmOPzWQKCl+zgapBYlnc
Threatray	829 similar samples on MalwareBazaar
TLSH	T1AC9533BD59310F97D38E0037FB484BAD8CB2E8B46E359556C39648F962246FB6650CCC
Reporter	abuse_ch
Tags:	CoinMiner exe

Intelligence

File Origin

# of uploads :

# of downloads :

211

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

41e99d281f1093e49ef23383633e481b3a18afd2386f94371fb215dec16ba2a0.zip

Verdict:

Suspicious activity

Analysis date:

2022-02-03 15:54:34 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/a1e5175c-2c10-4a6e-99e5-8df05818a46a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/232281/

Detection(s):

SecuriteInfo.com.Trojan.InjectNET.14.32410.14667.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Creating a process from a recently created file

Creating a process with a hidden window

Unauthorized injection to a system process

Enabling autorun by creating a file

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/5879/overview

Behaviour

MalwareBazaar

CallSleep

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/61fc316a6d25ac9e7901e06c/reports/bcca6ead-208d-48ef-a00c-1591c6a0273a/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/305e7a07-cf87-45f0-a6b7-ad6c0a63ccb6

Result

Threat name:

BitCoin Miner SilentXMRMiner

Detection:

malicious

Classification:

evad.mine

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/933450

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/41e99d281f1093e49ef23383633e481b3a18afd2386f94371fb215dec16ba2a0/

Threat name:

Win64.Trojan.Wovdnut

Status:

Malicious

First seen:

2022-02-01 00:30:42 UTC

File Type:

PE+ (Exe)

AV detection:

25 of 28 (89.29%)

Threat level:

5/5

Verdict:

malicious

CoinMiner

0e49a7e27c826b6afb92d25bd287493693af46e42838270cf96ee2f27c2c0521

CoinMiner

1f3246dd99e2f38b68b94c56fc44ac8994eb924e8526d395dcdfb7a9fd34da91

CoinMiner

422d172383682bb5d0d3118e5caf590bbf90e32a60657b478f28076f7d840535

CoinMiner

5eac63fc61a6c010a8be021bf6d86d377f03c10fcd447c1342d0aba35ae6b68a

CoinMiner

626e1458922127b621d2f25c7fea6aae5a6db80ce562be768f23386fcd8c0b00

CoinMiner

914cd602a58f69dd35dd207d8128807926a139f27f4d8b7b2b958041783bc10c

CoinMiner

aa8b65b91dabd75e184fef4367d05df97aae8da466c1896b2ca60f601a8b9681

CoinMiner

f3b7556c1a960019ed0c01cdff84412b5c58beed377181573bb34a92f00ddb76

CoinMiner

+ 819 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/220203-r5wv7saeh5/

Behaviour

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Loads dropped DLL

Executes dropped EXE

Unpacked files

SH256 hash:

41e99d281f1093e49ef23383633e481b3a18afd2386f94371fb215dec16ba2a0

MD5 hash:

25982cbfee82ec33c8a1c879ece423cd

SHA1 hash:

4b446f914514220b39f918175f2c960098c09e90

Link:

https://www.unpac.me/results/3c489fd5-6313-4221-ad99-371236496220/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/41e99d281f1093e49ef23383633e481b3a18afd2386f94371fb215dec16ba2a0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

exe 41e99d281f1093e49ef23383633e481b3a18afd2386f94371fb215dec16ba2a0

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2026309/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/232281/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample