MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 614f1dc4956f594d6be2b5b01794ff540cfe8a068af01ca1383ab60d885d0c78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PureMiner

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	614f1dc4956f594d6be2b5b01794ff540cfe8a068af01ca1383ab60d885d0c78
SHA3-384 hash:	93ed9db4f43b615ade81f20cd8be7ca4196dad9a7bbfe77f9fd963d5df85bcee2beac410f7eb263c90b7f8ddde06ba66
SHA1 hash:	395f61039906fb22285c6b1244c3cad35e1ed030
MD5 hash:	4e49bcbd2090e0427ae9b970be30f25d
humanhash:	bluebird-one-river-blue
File name:	4e49bcbd2090e0427ae9b970be30f25d.exe
Download:	download sample
Signature	PureMiner Create hunting rule
File size:	14'336 bytes
First seen:	2022-09-27 06:19:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	192:ecIUjKdLiLJZNVCRzySYroCr73W1ctPKCI335W8TzpAV1thZlf:eFBdLiL3NkzySYvi4PKCI5t+vhZl
Threatray	9 similar samples on MalwareBazaar
TLSH	T12A528E4083D94229C82BD3F288F367511AF1FE92D55ADB6DB0A5762F9D32E94BF00750
TrID	63.5% (.EXE) Win64 Executable (generic) (10523/12/4) 12.2% (.EXE) OS/2 Executable (generic) (2029/13) 12.0% (.EXE) Generic Win/DOS Executable (2002/3) 12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):
dhash icon	aaa22bc9e876aaa2 (1 x PureMiner)
Reporter	abuse_ch
Tags:	exe PureMiner

Intelligence

File Origin

# of uploads :

1

# of downloads :

250

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/313830/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Sending an HTTP GET request to an infection source

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/63329615622c8ea9ede99aa1/reports/495e2691-326d-4feb-800f-cb6bcb43f3fc/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/3218b1d6-281d-47b5-8c54-938da67618a8

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1078039

Signature

.NET source code contains potential unpacker

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/614f1dc4956f594d6be2b5b01794ff540cfe8a068af01ca1383ab60d885d0c78/

Threat name:

ByteCode-MSIL.Trojan.Bsymem

Status:

Malicious

First seen:

2022-09-27 04:00:05 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

2

AV detection:

16 of 40 (40.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=mfhr3revn5mu227cwwybpfh7kqgp5cqgrlybzijyhk3a3cc5br4a._file

Verdict:

unknown

Similar samples:

0e3e160ddaa8d68817083c0af379a529fe607c414bb9a9befed895ad7f9d3b38

0ec33bc86c6f2e240ff245660128e9bff5efbf187d321033941d1b279f2b216c

36d0c6d5280a29e061d07ad6eac7236e063ee8023ac398bb6d3f34a3f8aacb83

4bffffde56eece4e7588a5ebe9c7f53c822e516442a16eb351437807f0da841f

6d62cebf308b5ab873d98e0447c68f936bc34addeb924eb8ef972072ca13d4bf

8fcafbce9965e41f0788634133b69cd42bebc118aa2a5b8da11842b1e088ebb2

a29d5d9dae6f9937c1f0dcf733031f3478d74f326c1913727eb9e65e53c82ab9

ebe656282f8df5e525466eec755971f1fd3a28452acf9c185e7b6529574d0b9c

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/220927-g3r45adghl/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/f1692138-8f60-445c-8bd3-51e6e89c34a2

Unpacked files

SH256 hash:

614f1dc4956f594d6be2b5b01794ff540cfe8a068af01ca1383ab60d885d0c78

MD5 hash:

4e49bcbd2090e0427ae9b970be30f25d

SHA1 hash:

395f61039906fb22285c6b1244c3cad35e1ed030

Link:

https://www.unpac.me/results/582c4fb2-3526-44b0-84ec-9ae4c387c260/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.35

Link:

https://yomi.yoroi.company/submissions/614f1dc4956f594d6be2b5b01794ff540cfe8a068af01ca1383ab60d885d0c78

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 614f1dc4956f594d6be2b5b01794ff540cfe8a068af01ca1383ab60d885d0c78

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/313830/

URLhaus

https://urlhaus.abuse.ch/url/2306837/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample