MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59eb9a464fd6e3556d9bd54ff242931530d8f8efdc6317580b071d487277c6e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	59eb9a464fd6e3556d9bd54ff242931530d8f8efdc6317580b071d487277c6e4
SHA3-384 hash:	e4d254db6f13763c3b397b65c84244e0066de0b8377a1ea53b227ff3e1df05a4a76a3325584a625bc7d77fbc255431eb
SHA1 hash:	3a3a3821f3c857bfa64e8390df113b54e1e4e19a
MD5 hash:	ed48339168dbf7354abaa1b3a70c694e
humanhash:	failed-harry-avocado-low
File name:	59eb9a464fd6e3556d9bd54ff242931530d8f8efdc6317580b071d487277c6e4
Download:	download sample
File size:	5'956'236 bytes
First seen:	2020-11-10 09:08:29 UTC
Last seen:	2024-07-24 14:42:46 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	71f37f91c14c4729e462a32b6b2ae9d4 (27 x CoinMiner, 12 x CobaltStrike)
ssdeep	98304:gdue0qrdfE0pZaJ56utgpPFotBER/mQ32lUD:Es556utgpPF8u/7D
Threatray	174 similar samples on MalwareBazaar
TLSH	09565D41EDAB05F2EB8712308CB74E5F633372190335E6C3DA650A6FE9276E46A36741
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/59eb9a464fd6e3556d9bd54ff242931530d8f8efdc6317580b071d487277c6e4/

Threat name:

Win64.Trojan.CoinMiner

Status:

Malicious

First seen:

2020-11-10 09:10:12 UTC

AV detection:

26 of 29 (89.66%)

Threat level:

5/5

Verdict:

unknown

15a9f8715610803f1583a22d29c39811712e89c007c7cfcf617535579c59b1da

165b7c62d6bc2d109826476476e998f4fe24592f70fa76c3799b2bb5d71c6398

26753314f966b0e5a8a27723689c51fd05e0e8035e96948285f0572f377d25f8

2a03af662a64d3deb050b7a329060214b46dbb817aeb1fed697929b3db962388

44fde9d55dcbcb0e6717f3175d7227ef6824c101ecea08611c2415685f035398

a2e2b9c58537f3211cf4a643b93c3526002709eabdee27f0cbbfb9fc1ed63acb

cb2a95b38b39c9536311d471aa17525188ae7fa2a0b537a9f574018ebec5575e

cedb241278eee2fc81f3c49cd8724ac67968ee279de9bcc834dc3914200fc674

db89ba255662ce43b67a019667090b62924c8062212788ce2913f527ddf4324c

+ 164 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike

Link:

https://tria.ge/reports/201110-4qcjdllcz6/

Malware Config

C2 Extraction:

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Unpacked files

SH256 hash:

59eb9a464fd6e3556d9bd54ff242931530d8f8efdc6317580b071d487277c6e4

MD5 hash:

ed48339168dbf7354abaa1b3a70c694e

SHA1 hash:

3a3a3821f3c857bfa64e8390df113b54e1e4e19a

Link:

https://www.unpac.me/results/85549f53-f60f-44ca-9e4e-004494caece4/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample