MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d31ded12c6a8943f96522d5353af0d3bbb9a5ee81cef07db1c14c7cc0f117c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5d31ded12c6a8943f96522d5353af0d3bbb9a5ee81cef07db1c14c7cc0f117c6
SHA3-384 hash: 5862ed50afdf45e95ff47fbdb500f263da6f6b9e3abf34b7d449d1a19135c8ffb6e08c19ef5c6fb715feb115455b379c
SHA1 hash: 95deef8d6691f9e2c2f26c9bf89b85f29f7fb6cc
MD5 hash: 7513022065c5861d5b65ae93c8bd2ce0
humanhash: violet-five-minnesota-nuts
File name:5d31ded12c6a8943f96522d5353af0d3bbb9a5ee81cef07db1c14c7cc0f117c6
Download: download sample
File size:2'261'504 bytes
First seen:2020-03-26 22:21:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f61687272ede04042da2ed03fc12db7b (1 x CoinMiner, 1 x CoinMiner.XMRig)
ssdeep 49152:PCBB+vZ5e4T7VIA6cF6bSrdDfEBzn3AFESqZkHP6GKudz6Cr:PCmZjZIHbSrdDcBUFES7HSGK26w
Threatray 28 similar samples on MalwareBazaar
TLSH 8FA5335B4F54ABECE570EA79836E586CB725BC28D3134FA79441B8B23D0E16A0FE3054
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upx-4
Create hunting rule

Win.Malware.Temr-7070541-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Coinminer
Create hunting rule
Status:
Malicious
First seen:
2020-03-25 15:05:43 UTC
File Type:
PE (Exe)
Extracted files:
91
AV detection:
30 of 31 (96.77%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
22daeb4926cc6d795bdf53a3e5ba750a62c81aa85f9bcfb2c424577873f9164c
23cfbb0bf1e110a79678f45c29897e6090b660d3df420bbb916fc3f1bc12eead
268953af63bad4895dd06c024fd1ec2af2c134623a0e100e26894e4d6bab741e
39c531db99d46a4b3906a41e6e1afdb2523106c795b11eecaf75bc3a1fbff57b
4c19c15867d67267bd79c9304bcdfb4ddb894b4d79cf6e127ba4336ad67ba884
6269fd417f93e7c0d7cab576b35dc3b6f6a58c0f04e75533bad84987c228f0e6
75fa551eec71d6d8b9817266813715c2bbb7a537005587f9f1e0d058a05febc6
8d85f53634baffb8ccd9907595a253fff4542f33b158e8a57223c5ff51dfa1d3
9b6c23ee51101f9e2542bb697e7b218e0a57d51ac6b577998cba351581aa7491
e7d2deba4fccbea79ffa209ebe0ce49f98aecfb340c8d6ec3ea1773cb12cb07e
+ 18 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5d31ded12c6a8943f96522d5353af0d3bbb9a5ee81cef07db1c14c7cc0f117c6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/111418/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
MULTIMEDIA_APICan Play MultimediaWINMM.dll::waveOutOpen
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteA
WIN_BASE_APIUses Win Base APIKERNEL32.DLL::LoadLibraryA

Comments