MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68e0c8bcb14bc94813d8c6494966d1f32b60ccca1fb9d80996707abeee3d2db5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 68e0c8bcb14bc94813d8c6494966d1f32b60ccca1fb9d80996707abeee3d2db5
SHA3-384 hash: a86f236fc5613ea5c9b49dc7f8855a74b9cf99244ad5e40cb5f4fd0ac31d2ff565c7902a9c4875af03760a6a82c063b5
SHA1 hash: b43bcf90a79164d553bb2b5cb0b4dfe9032074fa
MD5 hash: a76688ac6e0e987395dbf946556b5354
humanhash: may-floor-edward-jersey
File name:SecuriteInfo.com.Trojan.Heur.GM.0000436180.28007.17088
Download: download sample
File size:9'372'160 bytes
First seen:2020-05-12 13:29:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5346271e19c97ff7635cfa504e8439ab (1 x CryptBot)
ssdeep 196608:xpa9yS1Thx2NWaKhUeTqvKVzJS9JRwmsLKvO60CM+Qaz:uaLI88Yaa
Threatray 50 similar samples on MalwareBazaar
TLSH 599633621FAF0235E90F1BB24DD750B4123D245E56E8416A7F23EDA3F6187A9B09C3E4
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Heur.GM.0000436180.28007.17088.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Coins
Create hunting rule
Status:
Malicious
First seen:
2020-05-10 23:52:56 UTC
File Type:
PE (Exe)
Extracted files:
7
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
138186892d63fe3b0d5f8c62bd3b11737392e22fd5fd68f32dd5612e78a6407c
1571b2ee13c7552f19b2fffc1c3f7dc63dffa8652d0cfa32136852629763018d
33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a
433811102726bc15416ca338a2df55ec1daaf3f2565ee00d7f6484064746fb30
4447d83b1a103618cea2deaed2e10d38aef10df6dfd7c24288e632004d4590ea
57322806d9dc1437a2491cac599aa2df5028184e3deec9d9c45c6b4d003b0132
831ba6efa4a49eb1c7ff749fe442b393c5a614f383bf1efb52512a183b4362fc
99b9b649c59745f1544c91ffe35dad1e1529c9cb6715325c95ee396bbe3db2ab
c91e89e7dd72b337a6933cf71f0b9905d58460ca0f0c922f49ad86d3819af960
d6ba040d10d1fb8e0f6a8b1d5378be566f6d3816bf1a00fb3e0bb6eed29346b2
+ 40 additional samples on MalwareBazaar
Result
Malware family:
cryptbot
Create hunting rule
Score:
  10/10
Tags:
family:cryptbot discovery evasion spyware stealer trojan
Link:
https://tria.ge/reports/201109-c5722c1kma/
Behaviour
Checks processor information in registry
Modifies system certificate store
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Checks BIOS information in registry
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Identifies VirtualBox via ACPI registry values (likely anti-VM)
CryptBot
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 68e0c8bcb14bc94813d8c6494966d1f32b60ccca1fb9d80996707abeee3d2db5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/361527/
  
Delivery method
Distributed via web download

Comments