MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e5b5171a95955ecb0fa8f9f1ba66f313165044cc1978a447673c0ac17859170. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner

Vendor detections: 13

Intelligence 13 IOCs YARA 10 File information Comments

SHA256 hash:	5e5b5171a95955ecb0fa8f9f1ba66f313165044cc1978a447673c0ac17859170
SHA3-384 hash:	2989b89a59a383eef8b7547e8f5088b8b63fccca72d00d04f603dd37c2ed94f9714c3cf7b3f8de969cd07ee38dd8fe1c
SHA1 hash:	82e6af04eadb5fac25fbb89dc6f020da0f4b6dca
MD5 hash:	57f0fdec4d919db0bd4576dc84aec752
humanhash:	juliet-river-mars-bravo
File name:	xmrig.exe
Download:	download sample
Signature	CoinMiner Create hunting rule
File size:	4'578'304 bytes
First seen:	2022-12-31 17:40:14 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	85614ad7b23a2780453c1947d2a3d660 (1 x CoinMiner)
ssdeep	98304:txsO/8CMAVvEjF6xC2ZXWTP6jL/VrNwcEMh:tqOygxC8XWTPIL/FCcEMh
Threatray	415 similar samples on MalwareBazaar
TLSH	T1B2269E56B6A500E8D9BBC03CC54B9A07F7F2B82643B09BDB16B456690F137E15E3EB10
TrID	48.7% (.EXE) Win64 Executable (generic) (10523/12/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):
dhash icon	f8e4b4d959d6c678 (33 x CoinMiner)
Reporter	atomiczsec
Tags:	CoinMiner exe

Intelligence

File Origin

# of uploads :

# of downloads :

149

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

http://195.2.79.26/1.ps1

Verdict:

Malicious activity

Analysis date:

2022-06-04 07:00:01 UTC

Tags:

trojan miner loader

Link:

https://app.any.run/tasks/9c7ae489-4810-4181-8bc0-8684a79ca0a2

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

Win.Coinminer.Generic-7151250-0

Win.Coinminer.Generic-7151253-0

Win.Coinminer.Generic-7151447-0

Win.Coinminer.Generic-7151972-0

Win.Coinminer.Generic-7155777-0

Win.Coinminer.Generic-7158858-0

Win.Trojan.Coinminer-9866537-0

Multios.Coinminer.Miner-6781728-2

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug coin coinminer greyware h2miner monero pup virus

Link:

https://www.filescan.io/uploads/63b0742f40e878e304219536/reports/f469b6c6-de12-4a74-9043-ba1a8d1bbcfd/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

XMRig Miner

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/79b3a10d-4ae0-49d0-bbc9-b340389dbb69

Result

Threat name:

Xmrig

Detection:

malicious

Classification:

evad.mine

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/523424

Signature

Antivirus / Scanner detection for submitted sample

Found strings related to Crypto-Mining

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Potential time zone aware malware

Yara detected Xmrig cryptocurrency miner

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5e5b5171a95955ecb0fa8f9f1ba66f313165044cc1978a447673c0ac17859170/

Threat name:

Win64.Trojan.MinerXMRig

Status:

Malicious

First seen:

2020-10-19 14:02:01 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

36 of 45 (80.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lznvc4njlfk6zmh2r6prxjtpgeywkbcmyglyurdwopakyf4fsfya._file

Verdict:

malicious

CoinMiner

362911dc126bfc3bf0edde07ab4dcf66e79830f1da312942b1731b6f45ac9da5

CoinMiner

5073e1fa4493b7eda098621c9cc31bdcd36420e277aa9cdda5117def65c88ee9

CoinMiner

60ab8f94c2c07255e65790079803f15fa351f94363102883a14bae63d696c2ff

CoinMiner

ae9f21e994994c7d538df1032eb81cba7c3cbff6a76e8c15d91c8fe6f78dfa28

CoinMiner

af56963172182772cfb8ece6dee221898b281e8f93a62dc82a08cc188131849f

CoinMiner

b0fbbee768b77e2fe719f38622b54a01efd763255048374ab0340d56a430325f

CoinMiner

c7f6ad7d3e040d26e8103885756e2f720a97a16f12ef44bf6707676d26680586

CoinMiner

f213aa18c565dfcb1b7637901b57b6baa6f0d3515b3c601797b418d3d8ff5e2e

CoinMiner

f66d9c77d511503d6d7621198c1054650339a3e4ee49601d87e073e26905676b

CoinMiner

+ 405 additional samples on MalwareBazaar

Result

Malware family:

xmrig

Score:

10/10

Tags:

family:xmrig miner

Link:

https://tria.ge/reports/221231-v9flkaab27/

Unpacked files

SH256 hash:

5e5b5171a95955ecb0fa8f9f1ba66f313165044cc1978a447673c0ac17859170

MD5 hash:

57f0fdec4d919db0bd4576dc84aec752

SHA1 hash:

82e6af04eadb5fac25fbb89dc6f020da0f4b6dca

Detections:

XMRig

Link:

https://www.unpac.me/results/ae589c08-5d15-4d01-948a-26dc6c6d098c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5e5b5171a95955ecb0fa8f9f1ba66f313165044cc1978a447673c0ac17859170

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	MacOS_Cryptominer_Generic_333129b7 Create hunting rule
Author:	Elastic Security

Rule name:	MacOS_Cryptominer_Xmrig_241780a1 Create hunting rule
Author:	Elastic Security

Rule name:	MALWARE_Win_CoinMiner02 Create hunting rule
Author:	ditekSHen
Description:	Detects coinmining malware

Rule name:	MAL_XMR_Miner_May19_1 Create hunting rule
Author:	Florian Roth
Description:	Detects Monero Crypto Coin Miner
Reference:	https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/

Rule name:	MAL_XMR_Miner_May19_1_RID2E1B Create hunting rule
Author:	Florian Roth
Description:	Detects Monero Crypto Coin Miner
Reference:	https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/

Rule name:	PUA_Crypto_Mining_CommandLine_Indicators_Oct21 Create hunting rule
Author:	Florian Roth
Description:	Detects command line parameters often used by crypto mining software
Reference:	https://www.poolwatch.io/coin/monero

Rule name:	PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 Create hunting rule
Author:	Florian Roth
Description:	Detects XMRIG crypto coin miners
Reference:	https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/

Rule name:	PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20_RID33BA Create hunting rule
Author:	Florian Roth
Description:	Detects XMRIG crypto coin miners
Reference:	https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/

Rule name:	rig_win64_xmrig_6_13_1_xmrig Create hunting rule
Author:	yarGen Rule Generator
Description:	rig_win64 - file xmrig.exe
Reference:	https://github.com/Neo23x0/yarGen

Rule name:	XMRIG_Monero_Miner Create hunting rule
Author:	Florian Roth
Description:	Detects Monero mining software
Reference:	https://github.com/xmrig/xmrig/releases

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample