MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6825716f7a72eedb249630bf9b0331a80cb09db8522f0fccbdcdbbe333c1c2c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	6825716f7a72eedb249630bf9b0331a80cb09db8522f0fccbdcdbbe333c1c2c7
SHA3-384 hash:	6820d77ec84ad9fd0c2f481059c55be16ee6c3d9c174ee985e960bea5e3afe72fee0db4825e144f11b94019c1634a519
SHA1 hash:	6c8d9138efc0b9c8a9e2f4c63b62fc3e8b2959d6
MD5 hash:	74d8de3dfb5e539b1587d455df9ec1bd
humanhash:	jupiter-eighteen-coffee-three
File name:	74d8de3dfb5e539b1587d455df9ec1bd.exe
Download:	download sample
Signature	CoinMiner Create hunting rule
File size:	2'043'392 bytes
First seen:	2022-02-03 14:45:45 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	02549ff92b49cce693542fc9afb10102 (84 x CoinMiner, 2 x CoinMiner.XMRig, 1 x AgentTesla)
ssdeep	24576:gOitkipeHLW1iycLbMBCAnKGUPwhmuU1FIVcWH00Pln6x4sF29pxat7RW57Jl:gOIki3ijLbrCAH4GgqNAnatRAl
Threatray	707 similar samples on MalwareBazaar
TLSH	T17895337FD790F124F752A0765992F83F54B60AE479B40A43C0EEDBCA3388486895AFC5
Reporter	abuse_ch
Tags:	CoinMiner exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

218

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/232275/

Detection(s):

SecuriteInfo.com.Trojan.InjectNET.14.16566.7601.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Creating a process from a recently created file

Creating a process with a hidden window

Unauthorized injection to a system process

Enabling autorun by creating a file

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/5875/overview

Behaviour

MalwareBazaar

CallSleep

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/61fc316118d1bfdde4ef3177/reports/ce041f6a-f783-4485-a5c4-90b68a4d271b/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/c3ba192a-f362-4746-8c48-d669bf033084

Result

Threat name:

BitCoin Miner SilentXMRMiner

Detection:

malicious

Classification:

evad.mine

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/933415

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6825716f7a72eedb249630bf9b0331a80cb09db8522f0fccbdcdbbe333c1c2c7/

Threat name:

Win64.Trojan.Donut

Status:

Malicious

First seen:

2022-02-03 12:18:29 UTC

File Type:

PE+ (Exe)

Extracted files:

1

AV detection:

24 of 28 (85.71%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

1701171f89917e432739335ca3db9960f49bf7616a3832b4951df3215ceb0334

1f3246dd99e2f38b68b94c56fc44ac8994eb924e8526d395dcdfb7a9fd34da91

36a143318fa67627e0b9351d7add36540248fc73b147a83cff6d97f2c39b63c0

3ecd5c3536415bb2abfc0c5854323340a7e049d83da7f5b7f6e3c4c4278ed68e

914cd602a58f69dd35dd207d8128807926a139f27f4d8b7b2b958041783bc10c

a1d0727470709c53a1eacbfbf47eb4c9e83aff4c7ebf2161f8d925dd62c9cdaf

b4a3cafc8553c06b17131e6b3afb38971312a4d91ae3349d2d118bdfc3d8de94

d6433af8f9073eb01e076482b684cd9599bf059e09f9a128d691bd194007c8c4

ee2d8c841bb376f17fb4a469cd2bfcdb209e5f537bd3b5791a470066ef18676e

f3940f6c65cda4da86d1f9712223b8a278cd0dc90f701938a38a61ff74c66c66

+ 697 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/220203-r5a9haafhj/

Behaviour

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Drops file in System32 directory

Loads dropped DLL

Executes dropped EXE

Unpacked files

SH256 hash:

6825716f7a72eedb249630bf9b0331a80cb09db8522f0fccbdcdbbe333c1c2c7

MD5 hash:

74d8de3dfb5e539b1587d455df9ec1bd

SHA1 hash:

6c8d9138efc0b9c8a9e2f4c63b62fc3e8b2959d6

Link:

https://www.unpac.me/results/53542c1a-4e05-49eb-99f5-f2e985a1284b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/6825716f7a72eedb249630bf9b0331a80cb09db8522f0fccbdcdbbe333c1c2c7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 6825716f7a72eedb249630bf9b0331a80cb09db8522f0fccbdcdbbe333c1c2c7

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2026326/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/232275/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample