MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59f70c5e1c08e57af20f6362ffa91c675db5bee6614297320383fd9c5f4a60f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 59f70c5e1c08e57af20f6362ffa91c675db5bee6614297320383fd9c5f4a60f2
SHA3-384 hash: a6a56cccb24b43942dc33926ac68da1dda659c1b2ef72c6616a6812ffd4854794908c6fff15bcfc8e9d1eaac87a31bc4
SHA1 hash: 5287e562cfb5babc7dcb828fbcf812ac970111e6
MD5 hash: 90e793a60cedc680c8f74f1ddb0af9d0
humanhash: lemon-speaker-early-iowa
File name: 59f70c5e1c08e57af20f6362ffa91c675db5bee6614297320383fd9c5f4a60f2
File size: 1'863'100 bytes
First seen: 2020-11-07 19:31:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e4290fa6afc89d56616f34ebbd0b1f2c (50 x CoinMiner)
ssdeep: 49152:Lz071uv4B7MkibTIA5lCx7kvRWa4p1HzDgU7yW:NABr
Threatray: 108 similar samples on MalwareBazaar
TLSH: 838533695E1A1C7ECAEC203D24FD0F0F41A1DF558048ADB8E3E6354F2A6DBAD115F24A
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Connection attempt
Threat name: Win64.Trojan.CoinMiner
Status: Malicious
First seen: 2020-11-07 19:39:05 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
UPX packed file
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
