MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69a7e42a1c0b9413c66f96880ba467ebe5b103740224f0d90dd5ad0862e37a5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CoinMiner

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	69a7e42a1c0b9413c66f96880ba467ebe5b103740224f0d90dd5ad0862e37a5d
SHA3-384 hash:	78f8d5719a891a7b0526075ce81c07fe7867e1d7c5e4316eb6112b534af29386fb3a96d4d3e8dcb81b802345a64a6e80
SHA1 hash:	10850105316be51fae057fc60c1c4c086c79b787
MD5 hash:	71600185c49b953ae8b550def2bcadc2
humanhash:	mockingbird-mountain-connecticut-tennessee
File name:	SecuriteInfo.com.Win32.Packed.VMProtect.ACR.27745.27532
Download:	download sample
Signature	CoinMiner Create hunting rule
File size:	3'278'280 bytes
First seen:	2022-03-23 09:17:59 UTC
Last seen:	2022-03-25 06:59:53 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	4e4095a0d90406c8428c5d9a9c6b05b7 (26 x CoinMiner, 4 x CoinMiner.XMRig)
ssdeep	49152:RQA2HVmAzc2S3uVZ4vmSOW+r8mhWQAPzuIlNaqjxiQtDLOGM1bhiKzEx:oHQAzdS3uVyzolYNt1I
TLSH	T17EE502BD72A83758C41B8C345133EE48B176162F4BF588BD71CBFA80BF6B4509A52B16
Reporter	SecuriteInfoCom
Tags:	CoinMiner exe

Intelligence

File Origin

# of uploads :

# of downloads :

196

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/255965/

Detection(s):

SecuriteInfo.com.Win32.Packed.VMProtect.ACR.27745.27532.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a file in the %AppData% subdirectories

Launching the default Windows debugger (dwwin.exe)

Sending a custom TCP request

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Sending an HTTP GET request to an infection source

Result

Malware family:

n/a

Score:

0/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/10826/overview

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

overlay packed

Link:

https://www.filescan.io/uploads/623ae5d6b94fb38cb4d7fabd/reports/f057ced1-d2ed-4fd4-8c9a-464416d03188/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/2671370d-2f8a-48d8-8743-f25500340883

Result

Threat name:

Xmrig

Detection:

malicious

Classification:

evad.mine

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/962702

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/69a7e42a1c0b9413c66f96880ba467ebe5b103740224f0d90dd5ad0862e37a5d/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2022-03-23 02:35:42 UTC

File Type:

PE+ (Exe)

AV detection:

24 of 42 (57.14%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ngt6ikq4bokbhrtps2eaxjdh5ps3ca3uaispbwin2wwqqyxdpjoq._file

Verdict:

malicious

Result

Malware family:

n/a

Score:

8/10

Tags:

persistence upx

Link:

https://tria.ge/reports/220323-k9nbasbdh4/

Behaviour

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of SetThreadContext

Adds Run key to start application

Downloads MZ/PE file

UPX packed file

Unpacked files

SH256 hash:

69a7e42a1c0b9413c66f96880ba467ebe5b103740224f0d90dd5ad0862e37a5d

MD5 hash:

71600185c49b953ae8b550def2bcadc2

SHA1 hash:

10850105316be51fae057fc60c1c4c086c79b787

Link:

https://www.unpac.me/results/4c0d23cb-df3b-4e07-a9b1-11fc31527fb9/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/69a7e42a1c0b/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/69a7e42a1c0b9413c66f96880ba467ebe5b103740224f0d90dd5ad0862e37a5d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CoinMiner

exe 69a7e42a1c0b9413c66f96880ba467ebe5b103740224f0d90dd5ad0862e37a5d

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2111833/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/255965/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample